Common Weakness Enumeration

CWE-1321

Allowed

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Abstraction: Variant · Status: Incomplete

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

780 vulnerabilities reference this CWE, most recent first.

GHSA-2G4C-8FPM-C46V

Vulnerability from github – Published: 2024-03-27 21:57 – Updated: 2024-03-27 21:57
VLAI
Summary
web3-utils Prototype Pollution vulnerability
Details

Impact:

The mergeDeep() function in the web3-utils package has been identified for Prototype Pollution vulnerability. An attacker has the ability to modify an object's prototype, which could result in changing the behavior of all objects that inherit from the impacted prototype by providing carefully crafted input to function.

Patches:

It has been fixed in web3-utils version 4.2.1 so all packages and apps depending on web3-utils >=4.0.1 and <=4.2.0 should upgrade to web3-utils 4.2.1.

Workarounds:

None

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "web3-utils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.1"
            },
            {
              "fixed": "4.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-21505"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-27T21:57:42Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact: \nThe mergeDeep() function in the web3-utils package has been identified for Prototype Pollution vulnerability. An attacker has the ability to modify an object\u0027s prototype, which could result in changing the behavior of all objects that inherit from the impacted prototype by providing carefully crafted input to function.\n\n### Patches: \nIt has been fixed in web3-utils version 4.2.1 so all packages and apps depending on web3-utils \u003e=4.0.1 and \u003c=4.2.0 should upgrade to web3-utils 4.2.1.\n\n### Workarounds: \nNone\n",
  "id": "GHSA-2g4c-8fpm-c46v",
  "modified": "2024-03-27T21:57:42Z",
  "published": "2024-03-27T21:57:42Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/web3/web3.js/security/advisories/GHSA-2g4c-8fpm-c46v"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21505"
    },
    {
      "type": "WEB",
      "url": "https://github.com/web3/web3.js/commit/8ed041c6635d807b3da8960ad49e125e3d1b0e80"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/web3/web3.js"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "web3-utils Prototype Pollution vulnerability"
}

GHSA-2GHC-6V89-PW9J

Vulnerability from github – Published: 2021-09-14 20:25 – Updated: 2022-08-10 23:37
VLAI
Summary
body-parser-xml vulnerable to Prototype Pollution
Details

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "body-parser-xml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-3666"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-915"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-09-14T18:39:31Z",
    "nvd_published_at": "2021-09-13T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027).",
  "id": "GHSA-2ghc-6v89-pw9j",
  "modified": "2022-08-10T23:37:49Z",
  "published": "2021-09-14T20:25:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3666"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fiznool/body-parser-xml/commit/d46ca622560f7c9a033cd9321c61e92558150d63"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/fiznool/body-parser-xml"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/1-other-fiznool/body-parser-xml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "body-parser-xml vulnerable to Prototype Pollution"
}

GHSA-2GQW-Q9R9-7F79

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2023-10-19 18:27
VLAI
Summary
Changeset vulnerable to prototype pollution
Details

Overview

Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows attackers to cause a denial of service and may lead to remote code execution.

Details

The npm module 'changeset' can be abused by Prototype Pollution vulnerability since the function 'apply()' does not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or able to manipulate the property which leads to Denial of Service or potentially Remote code execution.

PoC Details

The 'apply()' function accepts 'changes, target, modify' as argument. Due to the absence of validation on the values passed into the 'changes' argument, an attacker can supply a malicious value by adjusting the value to include the 'proto' property. Since there is no validation before assigning the property to check whether the assigned argument is the Object's own property or not, the property 'polluted' will be directly be assigned to the new object thereby polluting the Object prototype. Using the example below, if there is a check to validate 'polluted' the valued later in the code, it would be substituted as "Yes! Its Polluted" as it had been polluted.

PoC Code

var changeset = require("changeset") const patch = [{
    type: 'put',
    key: ["__proto__", "polluted"],
    value: "Yes! Its Polluted"
}];
console.log("Before : " + {}.polluted);
changeset.apply(patch, {}, true);
console.log("After : " + {}.polluted);
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "changeset"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.1"
            },
            {
              "fixed": "0.2.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-25915"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-19T18:27:41Z",
    "nvd_published_at": "2021-03-09T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Overview\nPrototype pollution vulnerability in \u0027changeset\u0027 versions 0.0.1 through 0.2.5 allows attackers to cause a denial of service and may lead to remote code execution.\n\n### Details\nThe npm module \u0027changeset\u0027 can be abused by Prototype Pollution vulnerability since the function \u0027apply()\u0027 does not check for the type of object before assigning value to the property. Due to this flaw an attacker could create a non-existent property or able to manipulate the property which leads to Denial of Service or potentially Remote code execution.\n\n### PoC Details\nThe \u0027apply()\u0027 function accepts \u0027changes, target, modify\u0027 as argument. Due to the absence of validation on the values passed into the \u0027changes\u0027 argument, an attacker can supply a malicious value by adjusting the value to include the \u0027__proto__\u0027 property. Since there is no validation before assigning the property to check whether the assigned argument is the Object\u0027s own property or not, the property \u0027polluted\u0027 will be directly be assigned to the new object thereby polluting the Object prototype. Using the example below, if there is a check to validate \u0027polluted\u0027 the valued later in the code, it would be substituted as \"Yes! Its Polluted\" as it had been polluted.\n\n### PoC Code\n\n```js\nvar changeset = require(\"changeset\") const patch = [{\n    type: \u0027put\u0027,\n    key: [\"__proto__\", \"polluted\"],\n    value: \"Yes! Its Polluted\"\n}];\nconsole.log(\"Before : \" + {}.polluted);\nchangeset.apply(patch, {}, true);\nconsole.log(\"After : \" + {}.polluted);\n```",
  "id": "GHSA-2gqw-q9r9-7f79",
  "modified": "2023-10-19T18:27:41Z",
  "published": "2022-05-24T17:44:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25915"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eugeneware/changeset/commit/9e588844edbb9993b32e7366cc799262b4447f99"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/eugeneware/changeset"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20210323102946/https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25915"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Changeset vulnerable to prototype pollution"
}

GHSA-2J2X-2GPW-G8FM

Vulnerability from github – Published: 2022-12-25 21:30 – Updated: 2026-01-21 14:45
VLAI
Summary
flat vulnerable to Prototype Pollution
Details

flat helps flatten/unflatten nested Javascript objects. A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to initiate the attack remotely. Upgrading to version 5.0.1 can address this issue. The name of the patch is 20ef0ef55dfa028caddaedbcb33efbdb04d18e13. It is recommended to upgrade the affected component. The identifier VDB-216777 was assigned to this vulnerability.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "flat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "flat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "flat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.0.0"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "flat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "flat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "5.0.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-36632"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-30T16:27:14Z",
    "nvd_published_at": "2022-12-25T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "flat helps flatten/unflatten nested Javascript objects. A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes (\u0027prototype pollution\u0027). It is possible to initiate the attack remotely. Upgrading to version 5.0.1 can address this issue. The name of the patch is 20ef0ef55dfa028caddaedbcb33efbdb04d18e13. It is recommended to upgrade the affected component. The identifier VDB-216777 was assigned to this vulnerability.",
  "id": "GHSA-2j2x-2gpw-g8fm",
  "modified": "2026-01-21T14:45:10Z",
  "published": "2022-12-25T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36632"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hughsk/flat/issues/105"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hughsk/flat/pull/106"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hughsk/flat/commit/20ef0ef55dfa028caddaedbcb33efbdb04d18e13"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hughsk/flat"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hughsk/flat/compare/3.0.0...3.0.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hughsk/flat/compare/4.1.0...4.1.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hughsk/flat/compare/v1.6.0...1.6.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hughsk/flat/compare/v2.0.1...2.0.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hughsk/flat/releases/tag/5.0.1"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.216777"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.216777"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "flat vulnerable to Prototype Pollution"
}

GHSA-2J4C-9QQQ-896R

Vulnerability from github – Published: 2025-09-24 21:30 – Updated: 2025-09-26 12:55
VLAI
Summary
web3-core-method is vulnerable to prototype pollution
Details

web3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "web3-core-method"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-57329"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-26T12:55:46Z",
    "nvd_published_at": "2025-09-24T20:15:32Z",
    "severity": "LOW"
  },
  "details": "web3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.",
  "id": "GHSA-2j4c-9qqq-896r",
  "modified": "2025-09-26T12:55:46Z",
  "published": "2025-09-24T21:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57329"
    },
    {
      "type": "WEB",
      "url": "https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/web3-core-method%401.10.4/index.js"
    },
    {
      "type": "WEB",
      "url": "https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57329"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/web3/web3.js/tree/1.x"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "web3-core-method is vulnerable to prototype pollution"
}

GHSA-2M53-83F3-562J

Vulnerability from github – Published: 2022-02-01 00:44 – Updated: 2025-07-18 19:59
VLAI
Summary
Prototype pollution in min-dash
Details

Impact

The set method is vulnerable to prototype pollution with specially crafted inputs.

// insert the following into poc.js and run node poc,js (after installing the package)

let parser = require("min-dash");
parser.set({}, [["__proto__"], "polluted"], "success");
console.log(polluted);

Patches

min-dash>=3.8.1 fix the issue.

Workarounds

No workarounds exist for the issue.

References

Closed via https://github.com/bpmn-io/min-dash/pull/21.

Credits

Credits to Cristian-Alexandru STAICU who found the vulnerability and to Idan Digmi from the Snyk Security Team who reported the vulnerability to us, responsibly.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "min-dash"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.webjars.npm:min-dash"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23460"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-27T23:11:40Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\n\nThe `set` method is vulnerable to prototype pollution with specially crafted inputs.\n\n```javascript\n// insert the following into poc.js and run node poc,js (after installing the package)\n \nlet parser = require(\"min-dash\");\nparser.set({}, [[\"__proto__\"], \"polluted\"], \"success\");\nconsole.log(polluted);\n```\n\n### Patches\n\n`min-dash\u003e=3.8.1` fix the issue.\n\n### Workarounds\n\nNo workarounds exist for the issue.\n\n### References\n\nClosed via https://github.com/bpmn-io/min-dash/pull/21.\n\n### Credits\n\nCredits to Cristian-Alexandru STAICU who found the vulnerability and to Idan Digmi from the Snyk Security Team who reported the vulnerability to us, responsibly.",
  "id": "GHSA-2m53-83f3-562j",
  "modified": "2025-07-18T19:59:29Z",
  "published": "2022-02-01T00:44:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/bpmn-io/min-dash/security/advisories/GHSA-2m53-83f3-562j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23460"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bpmn-io/min-dash/pull/21"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bpmn-io/min-dash/commit/2c6689e2aa29f4b66a4874a2f3003431e9db48d1"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bpmn-io/min-dash"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bpmn-io/min-dash/blob/c4d579c0eb2ed0739592111c3906b198921d3f52/lib/object.js#L32"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2342127"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-MINDASH-2340605"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype pollution in min-dash"
}

GHSA-2M96-9W4J-WGV7

Vulnerability from github – Published: 2020-09-03 18:06 – Updated: 2020-08-31 18:46
VLAI
Summary
Prototype Pollution in lodash.merge
Details

Versions of lodash.merge before 4.6.1 are vulnerable to Prototype Pollution. The function 'merge' may allow a malicious user to modify the prototype of Object via __proto__ causing the addition or modification of an existing property that will exist on all objects.

Recommendation

Update to version 4.6.1 or later.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "lodash.merge"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:46:06Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Versions of `lodash.merge` before 4.6.1 are vulnerable to Prototype Pollution. The function \u0027merge\u0027 may allow a malicious user to modify the prototype of `Object` via `__proto__` causing the addition or modification of an existing property that will exist on all objects.\n\n\n\n\n## Recommendation\n\nUpdate to version 4.6.1 or later.",
  "id": "GHSA-2m96-9w4j-wgv7",
  "modified": "2020-08-31T18:46:06Z",
  "published": "2020-09-03T18:06:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1067"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Prototype Pollution in lodash.merge"
}

GHSA-2QVQ-RJWJ-GVW9

Vulnerability from github – Published: 2026-03-26 22:20 – Updated: 2026-03-27 21:52
VLAI
Summary
Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection
Details

Summary

resolvePartial() in the Handlebars runtime resolves partial names via a plain property lookup on options.partials without guarding against prototype-chain traversal. When Object.prototype has been polluted with a string value whose key matches a partial reference in a template, the polluted string is used as the partial body and rendered without HTML escaping, resulting in reflected or stored XSS.

Description

The root cause is in lib/handlebars/runtime.js inside resolvePartial() and invokePartial():

// Vulnerable: plain bracket access traverses Object.prototype
partial = options.partials[options.name];

hasOwnProperty is never checked, so if Object.prototype has been seeded with a key whose name matches a partial reference in the template (e.g. widget), the lookup succeeds and the polluted string is returned. The runtime emits a prototype-access warning, but the partial is still resolved and its content is inserted into the rendered output unescaped. This contradicts the documented security model and is distinct from CVE-2021-23369 and CVE-2021-23383, which addressed data property access rather than partial template resolution.

Prerequisites for exploitation: 1. The target application must be vulnerable to prototype pollution (e.g. via qs, minimist, or any querystring/JSON merge sink). 2. The attacker must know or guess the name of a partial reference used in a template.

Proof of Concept

const Handlebars = require('handlebars');

// Step 1: Prototype pollution (via qs, minimist, or another vector)
Object.prototype.widget = '<img src=x onerror="alert(document.domain)">';

// Step 2: Normal template that references a partial
const template = Handlebars.compile('<div>Welcome! {{> widget}}</div>');

// Step 3: Render — XSS payload injected unescaped
const output = template({});
// Output: <div>Welcome! <img src=x onerror="alert(document.domain)"></div>

The runtime prints a prototype access warning claiming "access has been denied," but the partial still resolves and returns the polluted value.

Workarounds

  • Apply Object.freeze(Object.prototype) early in application startup to prevent prototype pollution. Note: this may break other libraries.
  • Use the Handlebars runtime-only build (handlebars/runtime), which does not compile templates and reduces the attack surface.
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "handlebars"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.7.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33916"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-26T22:20:51Z",
    "nvd_published_at": "2026-03-27T21:17:27Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\n`resolvePartial()` in the Handlebars runtime resolves partial names via a plain property lookup on `options.partials` without guarding against prototype-chain traversal. When `Object.prototype` has been polluted with a string value whose key matches a partial reference in a template, the polluted string is used as the partial body and rendered **without HTML escaping**, resulting in reflected or stored XSS.\n\n## Description\n\nThe root cause is in `lib/handlebars/runtime.js` inside `resolvePartial()` and `invokePartial()`:\n\n```javascript\n// Vulnerable: plain bracket access traverses Object.prototype\npartial = options.partials[options.name];\n```\n\n`hasOwnProperty` is never checked, so if `Object.prototype` has been seeded with a key whose name matches a partial reference in the template (e.g. `widget`), the lookup succeeds and the polluted string is returned. The runtime emits a prototype-access warning, but the partial is still resolved and its content is inserted into the rendered output unescaped. This contradicts the documented security model and is distinct from CVE-2021-23369 and CVE-2021-23383, which addressed data property access rather than partial template resolution.\n\n**Prerequisites for exploitation:**\n1. The target application must be vulnerable to prototype pollution (e.g. via `qs`, `minimist`, or\n   any querystring/JSON merge sink).\n2. The attacker must know or guess the name of a partial reference used in a template.\n\n## Proof of Concept\n\n```javascript\nconst Handlebars = require(\u0027handlebars\u0027);\n\n// Step 1: Prototype pollution (via qs, minimist, or another vector)\nObject.prototype.widget = \u0027\u003cimg src=x onerror=\"alert(document.domain)\"\u003e\u0027;\n\n// Step 2: Normal template that references a partial\nconst template = Handlebars.compile(\u0027\u003cdiv\u003eWelcome! {{\u003e widget}}\u003c/div\u003e\u0027);\n\n// Step 3: Render \u2014 XSS payload injected unescaped\nconst output = template({});\n// Output: \u003cdiv\u003eWelcome! \u003cimg src=x onerror=\"alert(document.domain)\"\u003e\u003c/div\u003e\n```\n\n\u003e The runtime prints a prototype access warning claiming \"access has been denied,\" but the partial still resolves and returns the polluted value.\n\n## Workarounds\n\n- Apply `Object.freeze(Object.prototype)` early in application startup to prevent prototype  pollution. Note: this may break other libraries.\n- Use the Handlebars runtime-only build (`handlebars/runtime`), which does not compile templates  and reduces the attack surface.",
  "id": "GHSA-2qvq-rjwj-gvw9",
  "modified": "2026-03-27T21:52:02Z",
  "published": "2026-03-26T22:20:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23369"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33916"
    },
    {
      "type": "WEB",
      "url": "https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/handlebars-lang/handlebars.js"
    },
    {
      "type": "WEB",
      "url": "https://github.com/handlebars-lang/handlebars.js/releases/tag/v4.7.9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection"
}

GHSA-2RXH-H6H9-QRQC

Vulnerability from github – Published: 2020-05-13 23:18 – Updated: 2021-01-08 20:16
VLAI
Summary
Class destructors causing side-effects when being unserialized in TYPO3 CMS
Details

Calling unserialize() on malicious user-submitted content can result in the following scenarios: - trigger deletion of arbitrary directory in file system (if writable for web server) - trigger message submission via email using identity of web site (mail relay)

Another insecure deserialization vulnerability is required to actually exploit mentioned aspects.

Update to TYPO3 versions 9.5.17 or 10.4.2 that fix the problem described.

References

  • https://typo3.org/security/advisory/typo3-core-sa-2020-004
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.5.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.0"
            },
            {
              "fixed": "10.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.0"
            },
            {
              "fixed": "10.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.5.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-11066"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-915"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-05-13T23:17:19Z",
    "nvd_published_at": "2020-05-14T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "Calling unserialize() on malicious user-submitted content can result in the following scenarios:\n- trigger deletion of arbitrary directory in file system (if writable for web server)\n- trigger message submission via email using identity of web site (mail relay)\n\nAnother insecure deserialization vulnerability is required to actually exploit mentioned aspects.\n\nUpdate to TYPO3 versions 9.5.17 or 10.4.2 that fix the problem described.\n\n### References\n* https://typo3.org/security/advisory/typo3-core-sa-2020-004",
  "id": "GHSA-2rxh-h6h9-qrqc",
  "modified": "2021-01-08T20:16:34Z",
  "published": "2020-05-13T23:18:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2rxh-h6h9-qrqc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11066"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-11066.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-11066.yaml"
    },
    {
      "type": "WEB",
      "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Class destructors causing side-effects when being unserialized in TYPO3 CMS"
}

GHSA-2VFF-HJ5X-8GQ7

Vulnerability from github – Published: 2026-06-16 19:00 – Updated: 2026-06-16 19:00
VLAI
Summary
n8n: Prototype Pollution enables confused-deputy execution via public webhooks
Details

Impact

A prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as normal values by downstream built-in nodes.

Where a workflow combines a public webhook with action nodes that consume the resulting fields, an attacker could cause the workflow to act as a confused deputy — targeting unintended records or issuing outbound requests using the workflow owner's configured credentials.

Patches

The issue has been fixed in n8n versions 2.25.7, and 2.26.2. Users should upgrade to one of these versions or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Avoid exposing public (unauthenticated) webhook workflows that pass incoming data through transform nodes into action nodes with sensitive credentials or database operations. - Limit workflow creation and editing permissions to fully trusted users only.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.26.0"
            },
            {
              "fixed": "2.26.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.25.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-54306"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-16T19:00:41Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Impact\nA prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as normal values by downstream built-in nodes.\n\nWhere a workflow combines a public webhook with action nodes that consume the resulting fields, an attacker could cause the workflow to act as a confused deputy \u2014 targeting unintended records or issuing outbound requests using the workflow owner\u0027s configured credentials.\n\n## Patches\nThe issue has been fixed in n8n versions 2.25.7, and 2.26.2. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Avoid exposing public (unauthenticated) webhook workflows that pass incoming data through transform nodes into action nodes with sensitive credentials or database operations.\n- Limit workflow creation and editing permissions to fully trusted users only.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.",
  "id": "GHSA-2vff-hj5x-8gq7",
  "modified": "2026-06-16T19:00:41Z",
  "published": "2026-06-16T19:00:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-2vff-hj5x-8gq7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/n8n-io/n8n"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "n8n: Prototype Pollution enables confused-deputy execution via public webhooks"
}

Mitigation
Implementation

By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.

Mitigation
Architecture and Design

By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.

Mitigation
Implementation

Strategy: Input Validation

When handling untrusted objects, validating using a schema can be used.

Mitigation
Implementation

By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.

Mitigation
Implementation

Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels

An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.