Description

Prototype pollution is a vulnerability where an attacker is able to modify Object.prototype. Because nearly all objects in JavaScript are instances of Object, a typical object inherits properties (including methods) from Object.prototype. Changing Object.prototype can result in a wide range of issues, sometimes even resulting in remote code execution.

The most common way to cause prototype pollution is to use an unsafe merge or extend function to recursively copy properties from an untrusted source object.

Remediation

Use a JavaScript library that is using a safe merge or extend function to recursively copy properties from an untrusted source object.

References

Analysis and Exploitation of Prototype Pollution attacks on NodeJs

Exploiting prototype pollution - RCE in Kibana (CVE-2019-7609)

Related Vulnerabilities

XML external entity injection (variant)

PHP mail function ASCII control character header spoofing vulnerability

Oracle E-Business Suite Frame Injection (CVE-2017-3528)

JSF ViewState client side storage

Deserialization of Untrusted Data (Java Object Deserialization)

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Tags

Abuse Of Functionality