CWE-471
Modification of Assumed-Immutable Data (MAID)
Description
The product does not properly protect an assumed-immutable element from being modified by an attacker.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-384 · CAPEC-385 · CAPEC-386 · CAPEC-387 · CAPEC-388
CVEs mapped to this weakness (23)
page 2 of 2| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-8147 | — | 0.00 | — | 0.03 | Apr 3, 2020 | Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend. | ||
| CVE-2020-8116 | — | 0.00 | — | 0.03 | Feb 4, 2020 | Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. | ||
| CVE-2011-4301 | 0.00 | — | 0.02 | Jul 11, 2012 | The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the… |
- CVE-2020-8147Apr 3, 2020risk 0.00cvss —epss 0.03
Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend.
- CVE-2020-8116Feb 4, 2020risk 0.00cvss —epss 0.03
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
- CVE-2011-4301Jul 11, 2012risk 0.00cvss —epss 0.02
The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the…