Summary
Acunetix 360 identified a potential Prototype Pollution vulnerability in the application.
Regular expressions identified fragments of code indicative of potentially vulnerable libraries. Note that the webpage may not use every part of the JavaScript file, so the flagged code is not necessarily reachable.
Impact
Attackers can manipulate object prototypes, leading to unexpected behavior, data tampering, and potential compromise of the application.
Actions To Take
- Investigate the issue manually to confirm and address Prototype Pollution.
- Update relevant libraries or frameworks to versions that address known Prototype Pollution vulnerabilities.
- See the Remediation section for the solution.
Remediation
Use the Object.freeze() method on critical objects, such as Object.prototype, to prevent modification of existing properties and the addition of new properties. Alternatively, consider using Object.seal() if changes to existing property values are allowed.
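The following is an added example and is not code from the Acunetix 360 finding or from any library it flagged. It shows the recursive-merge pattern that such signatures commonly match, the same merge with the key filter that stops pollution, the Object.freeze() hardening described above, and a check a tester can use to confirm whether Object.prototype was affected. The request body, the isAdmin marker and the merge functions are constructed for the example.

```javascript
// Added example, not code from the Acunetix 360 page or any library it flagged:
// a recursive merge of the kind scanner signatures match, the same merge with
// the key filter that stops pollution, the Object.freeze() hardening the
// remediation describes, and a check that Object.prototype stayed clean.

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value);
}

// Vulnerable pattern: copies every own key of `source`. JSON.parse turns a
// "__proto__" key into an ordinary own property, and reading target["__proto__"]
// yields Object.prototype, so the recursion writes into the shared prototype.
function mergeUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    if (isPlainObject(source[key])) {
      if (!isPlainObject(target[key])) target[key] = {};
      mergeUnsafe(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened pattern: skip prototype-related keys and only descend into
// properties the target actually owns, never into inherited ones.
function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    if (isPlainObject(source[key])) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      mergeSafe(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Detection check: a freshly created object must not inherit the marker.
function prototypeIsClean(marker) {
  return !(marker in {});
}

// Remediation from the finding: freeze Object.prototype. Afterwards a write to
// it fails silently (sloppy mode) or throws a TypeError (strict mode); in both
// cases no property is added.
function hardenObjectPrototype() {
  Object.freeze(Object.prototype);
  return Object.isFrozen(Object.prototype);
}

// Re-run the vulnerable merge after hardening and report whether it was blocked.
function unsafeMergeBlocked(payload, marker) {
  try {
    mergeUnsafe({}, JSON.parse(payload));
  } catch (err) {
    // strict mode: TypeError from the frozen prototype; still blocked
  }
  return prototypeIsClean(marker);
}

// Constructed sample request body (assumption: an endpoint merges parsed JSON
// into a settings object). Not taken from the page.
const SAMPLE_PAYLOAD = '{"name":"alice","__proto__":{"isAdmin":true}}';

// Runs the whole comparison once and records the outcomes so they can be
// inspected after Object.prototype has been frozen.
function runDemo(payload, marker) {
  const results = {};
  results.cleanBefore = prototypeIsClean(marker);        // true
  mergeUnsafe({}, JSON.parse(payload));
  results.cleanAfterUnsafe = prototypeIsClean(marker);   // false: polluted
  delete Object.prototype[marker];                        // undo for the next step
  const safeResult = mergeSafe({}, JSON.parse(payload));
  results.safeKeys = Object.keys(safeResult);             // ["name"]
  results.cleanAfterSafe = prototypeIsClean(marker);      // true
  results.frozen = hardenObjectPrototype();               // true
  results.blockedAfterFreeze = unsafeMergeBlocked(payload, marker); // true
  return results;
}

const DEMO_RESULTS = runDemo(SAMPLE_PAYLOAD, 'isAdmin');
console.log(DEMO_RESULTS);
```

The key filter in mergeSafe is the fix to apply inside the merging code itself; Object.freeze(Object.prototype) is the belt-and-braces measure from the remediation and should be called once at application startup, before any third-party code runs, since it cannot be undone in the running process. Node.js also offers the `--frozen-intrinsics` flag for the same purpose at process level.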