Description
Prototype pollution is a vulnerability where an attacker is able to modify Object.prototype. Because nearly all objects in JavaScript are instances of Object, a typical object inherits properties (including methods) from Object.prototype. Changing Object.prototype can result in a wide range of issues, sometimes even resulting in remote code execution.
The most common way to cause prototype pollution is to use an unsafe merge or extend function to recursively copy properties from an untrusted source object.
Remediation
Use a JavaScript library that provides a safe merge or extend function when recursively copying properties from an untrusted source object.