CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
CVE-2024-14020 (GCVE-0-2024-14020)
Vulnerability from cvelistv5 – Published: 2026-01-07 00:02 – Updated: 2026-02-23 08:19 – X_Open Source
| URL | Tags |
|---|---|
| https://vuldb.com/?id.339503 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.339503 | signature, permissions-required |
| https://github.com/carboneio/carbone/commit/04f9f… | patch |
| https://github.com/carboneio/carbone/releases/tag/3.5.6 | patch |
| https://github.com/carboneio/carbone/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-14020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T14:38:47.866114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T14:42:48.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Formatter Handler"
],
"product": "carbone",
"vendor": "carboneio",
"versions": [
{
"status": "affected",
"version": "fbcd349077ad0e8748be73eab2a82ea92b6f8a7e"
},
{
"status": "unaffected",
"version": "3.5.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is said to be difficult. Upgrading to version 3.5.6 will fix this issue. This patch is called 04f9feb24bfca23567706392f9ad2c53bbe4134e. You should upgrade the affected component. A successful exploitation can \"only occur if the parent NodeJS application has the same security issue\"."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "Improperly Controlled Modification of Object Prototype Attributes",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T08:19:40.563Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-339503 | carboneio carbone Formatter input.js prototype pollution",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.339503"
},
{
"name": "VDB-339503 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.339503"
},
{
"tags": [
"patch"
],
"url": "https://github.com/carboneio/carbone/commit/04f9feb24bfca23567706392f9ad2c53bbe4134e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/carboneio/carbone/releases/tag/3.5.6"
},
{
"tags": [
"product"
],
"url": "https://github.com/carboneio/carbone/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2024-06-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-06-12T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2026-01-04T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-01-07T13:35:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "carboneio carbone Formatter input.js prototype pollution"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-14020",
"datePublished": "2026-01-07T00:02:07.376Z",
"dateReserved": "2026-01-04T18:23:09.662Z",
"dateUpdated": "2026-02-23T08:19:40.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23339 (GCVE-0-2024-23339)
Vulnerability from cvelistv5 – Published: 2024-01-22 22:54 – Updated: 2025-06-17 21:19 – CWE-1321 – Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
| URL | Tags |
|---|---|
| https://github.com/elijahharry/hoolock/security/a… | x_refsource_CONFIRM |
| https://github.com/elijahharry/hoolock/commit/97a… | x_refsource_MISC |

| Vendor | Product | Version | CPE |
|---|---|---|---|
| elijahharry | hoolock | Affected: >= 2.0.0, < 2.2.1 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/elijahharry/hoolock/security/advisories/GHSA-4c2g-hx49-7h25",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/elijahharry/hoolock/security/advisories/GHSA-4c2g-hx49-7h25"
},
{
"name": "https://github.com/elijahharry/hoolock/commit/97ae80e856774335d92743c635ffeae2f652b982",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/elijahharry/hoolock/commit/97ae80e856774335d92743c635ffeae2f652b982"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-23T21:32:25.688935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:25.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hoolock",
"vendor": "elijahharry",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (`get`, `set`, and `update`) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the `get`, `set` and `update` functions throw a `TypeError` when a user attempts to access or alter inherited properties."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-22T22:54:53.096Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/elijahharry/hoolock/security/advisories/GHSA-4c2g-hx49-7h25",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/elijahharry/hoolock/security/advisories/GHSA-4c2g-hx49-7h25"
},
{
"name": "https://github.com/elijahharry/hoolock/commit/97ae80e856774335d92743c635ffeae2f652b982",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/elijahharry/hoolock/commit/97ae80e856774335d92743c635ffeae2f652b982"
}
],
"source": {
"advisory": "GHSA-4c2g-hx49-7h25",
"discovery": "UNKNOWN"
},
"title": "hoolock does not block Prototype pollution with object-path related utilities"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23339",
"datePublished": "2024-01-22T22:54:53.096Z",
"dateReserved": "2024-01-15T15:19:19.444Z",
"dateUpdated": "2025-06-17T21:19:25.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2495 (GCVE-0-2024-2495)
Vulnerability from cvelistv5 – Published: 2024-03-15 13:07 – Updated: 2024-08-01 19:18 – CWE-1321 – Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
| Vendor | Product | Version | CPE |
|---|---|---|---|
| FriendlyElec | FriendlyWrt | Affected: 2022-11-16.51b3d35 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-15T15:53:38.611188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:18.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:18:47.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-key-plain-text-vulnerability-friendlyelecs-friendlywrt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FriendlyWrt",
"vendor": "FriendlyElec",
"versions": [
{
"status": "affected",
"version": "2022-11-16.51b3d35"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "HADESS"
}
],
"datePublic": "2024-03-15T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data."
}
],
"value": "Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T13:07:05.436Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-key-plain-text-vulnerability-friendlyelecs-friendlywrt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cryptographic key in plain text vulnerability in FriendlyElec\u0027s FriendlyWrt",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-2495",
"datePublished": "2024-03-15T13:07:05.436Z",
"dateReserved": "2024-03-15T09:18:10.418Z",
"dateUpdated": "2024-08-01T19:18:47.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27307 (GCVE-0-2024-27307)
Vulnerability from cvelistv5 – Published: 2024-03-06 19:24 – Updated: 2024-08-13 17:23 – CWE-1321 – Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
| URL | Tags |
|---|---|
| https://github.com/jsonata-js/jsonata/security/ad… | x_refsource_CONFIRM |
| https://github.com/jsonata-js/jsonata/commit/1d57… | x_refsource_MISC |
| https://github.com/jsonata-js/jsonata/commit/335d… | x_refsource_MISC |
| https://github.com/jsonata-js/jsonata/commit/c907… | x_refsource_MISC |
| https://github.com/jsonata-js/jsonata/releases/ta… | x_refsource_MISC |

| Vendor | Product | Version | CPE |
|---|---|---|---|
| jsonata-js | jsonata | Affected: >= 1.4.0, < 1.8.7; Affected: >= 2.0.0, < 2.0.4 | |
| jsonatajs | jsonata | Affected: 1.4.0, < 1.8.7 (custom); Affected: 2.0.0, < 2.0.4 (custom) | cpe:2.3:a:jsonatajs:jsonata:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:28:00.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/jsonata-js/jsonata/security/advisories/GHSA-fqg8-vfv7-8fj8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jsonata-js/jsonata/security/advisories/GHSA-fqg8-vfv7-8fj8"
},
{
"name": "https://github.com/jsonata-js/jsonata/commit/1d579dbe99c19fbe509f5ba2c6db7959b0d456d1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jsonata-js/jsonata/commit/1d579dbe99c19fbe509f5ba2c6db7959b0d456d1"
},
{
"name": "https://github.com/jsonata-js/jsonata/commit/335d38f6278e96c908b24183f1c9c90afc8ae00c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jsonata-js/jsonata/commit/335d38f6278e96c908b24183f1c9c90afc8ae00c"
},
{
"name": "https://github.com/jsonata-js/jsonata/commit/c907b5e517bb718015fcbd993d742ba6202f2be2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jsonata-js/jsonata/commit/c907b5e517bb718015fcbd993d742ba6202f2be2"
},
{
"name": "https://github.com/jsonata-js/jsonata/releases/tag/v2.0.4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jsonata-js/jsonata/releases/tag/v2.0.4"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jsonatajs:jsonata:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jsonata",
"vendor": "jsonatajs",
"versions": [
{
"lessThan": "1.8.7",
"status": "affected",
"version": "1.4.0",
"versionType": "custom"
},
{
"lessThan": "2.0.4",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27307",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T20:11:04.720141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T17:23:40.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "jsonata",
"vendor": "jsonata-js",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.8.7"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the `Object` constructor and prototype. This may lead to denial of service, remote code execution or other unexpected behavior in applications that evaluate user-provided JSONata expressions. This issue has been fixed in JSONata versions 1.8.7 and 2.0.4. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. As a workaround, one may apply the patch manually."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T19:24:16.876Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jsonata-js/jsonata/security/advisories/GHSA-fqg8-vfv7-8fj8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jsonata-js/jsonata/security/advisories/GHSA-fqg8-vfv7-8fj8"
},
{
"name": "https://github.com/jsonata-js/jsonata/commit/1d579dbe99c19fbe509f5ba2c6db7959b0d456d1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jsonata-js/jsonata/commit/1d579dbe99c19fbe509f5ba2c6db7959b0d456d1"
},
{
"name": "https://github.com/jsonata-js/jsonata/commit/335d38f6278e96c908b24183f1c9c90afc8ae00c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jsonata-js/jsonata/commit/335d38f6278e96c908b24183f1c9c90afc8ae00c"
},
{
"name": "https://github.com/jsonata-js/jsonata/commit/c907b5e517bb718015fcbd993d742ba6202f2be2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jsonata-js/jsonata/commit/c907b5e517bb718015fcbd993d742ba6202f2be2"
},
{
"name": "https://github.com/jsonata-js/jsonata/releases/tag/v2.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jsonata-js/jsonata/releases/tag/v2.0.4"
}
],
"source": {
"advisory": "GHSA-fqg8-vfv7-8fj8",
"discovery": "UNKNOWN"
},
"title": "JSONata expression can pollute the \"Object\" prototype"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27307",
"datePublished": "2024-03-06T19:24:16.876Z",
"dateReserved": "2024-02-22T18:08:38.876Z",
"dateUpdated": "2024-08-13T17:23:40.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32866 (GCVE-0-2024-32866)
Vulnerability from cvelistv5 – Published: 2024-04-23 21:07 – Updated: 2024-08-02 02:20 – CWE-1321 – Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
| URL | Tags |
|---|---|
| https://github.com/edmundhung/conform/security/ad… | x_refsource_CONFIRM |
| https://github.com/edmundhung/conform/commit/4819… | x_refsource_MISC |
| https://github.com/edmundhung/conform/blob/59156d… | x_refsource_MISC |

| Vendor | Product | Version | CPE |
|---|---|---|---|
| edmundhung | conform | Affected: < 1.1.1 | |
| edmundhung | conform | Affected: * | cpe:2.3:a:edmundhung:conform:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:edmundhung:conform:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "conform",
"vendor": "edmundhung",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32866",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T12:18:26.633617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:50:16.913Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/edmundhung/conform/security/advisories/GHSA-624g-8qjg-8qxf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/edmundhung/conform/security/advisories/GHSA-624g-8qjg-8qxf"
},
{
"name": "https://github.com/edmundhung/conform/commit/4819d51b5a53fd5486fc85c17cdc148eb160e3de",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/edmundhung/conform/commit/4819d51b5a53fd5486fc85c17cdc148eb160e3de"
},
{
"name": "https://github.com/edmundhung/conform/blob/59156d7115a7207fa3b6f8a70a4342a9b24c2501/packages/conform-dom/formdata.ts#L117",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/edmundhung/conform/blob/59156d7115a7207fa3b6f8a70a4342a9b24c2501/packages/conform-dom/formdata.ts#L117"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "conform",
"vendor": "edmundhung",
"versions": [
{
"status": "affected",
"version": "\u003c 1.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Conform, a type-safe form validation library, allows the parsing of nested objects in the form of `object.property`. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to `parseWith...` functions. Applications that use conform for server-side validation of form data or URL parameters are affected by this vulnerability. Version 1.1.1 contains a patch for the issue.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-23T21:07:06.216Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/edmundhung/conform/security/advisories/GHSA-624g-8qjg-8qxf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/edmundhung/conform/security/advisories/GHSA-624g-8qjg-8qxf"
},
{
"name": "https://github.com/edmundhung/conform/commit/4819d51b5a53fd5486fc85c17cdc148eb160e3de",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/edmundhung/conform/commit/4819d51b5a53fd5486fc85c17cdc148eb160e3de"
},
{
"name": "https://github.com/edmundhung/conform/blob/59156d7115a7207fa3b6f8a70a4342a9b24c2501/packages/conform-dom/formdata.ts#L117",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/edmundhung/conform/blob/59156d7115a7207fa3b6f8a70a4342a9b24c2501/packages/conform-dom/formdata.ts#L117"
}
],
"source": {
"advisory": "GHSA-624g-8qjg-8qxf",
"discovery": "UNKNOWN"
},
"title": "Conform contains Prototype Pollution Vulnerability in `parseWith...` function"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32866",
"datePublished": "2024-04-23T21:07:06.216Z",
"dateReserved": "2024-04-19T14:07:11.228Z",
"dateUpdated": "2024-08-02T02:20:35.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34698 (GCVE-0-2024-34698)
Vulnerability from cvelistv5 – Published: 2024-05-13 15:50 – Updated: 2024-08-02 02:59 – CWE-1321 – Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
| URL | Tags |
|---|---|
| https://github.com/freescout-helpdesk/freescout/s… | x_refsource_CONFIRM |
| https://github.com/freescout-helpdesk/freescout/c… | x_refsource_MISC |

| Vendor | Product | Version | CPE |
|---|---|---|---|
| freescout-helpdesk | freescout | Affected: < 1.8.139 | |
| freescout_helpdesk | freescout | Affected: 0, < 1.8.139 (custom) | cpe:2.3:a:freescout_helpdesk:freescout:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:freescout_helpdesk:freescout:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freescout",
"vendor": "freescout_helpdesk",
"versions": [
{
"lessThan": "1.8.139",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34698",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T18:35:12.548255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:42:25.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:21.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-rx6j-4c33-9h3r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-rx6j-4c33-9h3r"
},
{
"name": "https://github.com/freescout-helpdesk/freescout/commit/2614514bc6d6c4ad563202a1c9cae5a97b195cc5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/freescout-helpdesk/freescout/commit/2614514bc6d6c4ad563202a1c9cae5a97b195cc5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "freescout",
"vendor": "freescout-helpdesk",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.139"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the `/public/js/main.js` source file. The Prototype Pollution arises because the `getQueryParam` Function recursively merges an object containing user-controllable properties into an existing object (For URL Query Parameters Parsing), without first sanitizing the keys. This can allow an attacker to inject a property with a key `__proto__`, along with arbitrarily nested properties. The merge operation assigns the nested properties to the `params` object\u0027s prototype instead of the target object itself. As a result, the attacker can pollute the prototype with properties containing harmful values, which are then inherited by user-defined objects and subsequently used by the application dangerously. The vulnerability lets an attacker control properties of objects that would otherwise be inaccessible. If the application subsequently handles an attacker-controlled property in an unsafe way, this can potentially be chained with other vulnerabilities like DOM-based XSS, Open Redirection, Cookie Manipulation, Link Manipulation, HTML Injection, etc. Version 1.8.139 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-13T15:50:34.498Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-rx6j-4c33-9h3r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-rx6j-4c33-9h3r"
},
{
"name": "https://github.com/freescout-helpdesk/freescout/commit/2614514bc6d6c4ad563202a1c9cae5a97b195cc5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/freescout-helpdesk/freescout/commit/2614514bc6d6c4ad563202a1c9cae5a97b195cc5"
}
],
"source": {
"advisory": "GHSA-rx6j-4c33-9h3r",
"discovery": "UNKNOWN"
},
"title": "Prototype Pollution in getQueryParam Function (URL Query Parser)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34698",
"datePublished": "2024-05-13T15:50:34.498Z",
"dateReserved": "2024-05-07T13:53:00.131Z",
"dateUpdated": "2024-08-02T02:59:21.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45277 (GCVE-0-2024-45277)
Vulnerability from cvelistv5 – Published: 2024-10-08 03:21 – Updated: 2024-10-08 14:01 – CWE-1321 – Improperly Controlled Modification of Object Prototype Attributes
| Vendor | Product | Version | CPE |
|---|---|---|---|
| SAP_SE | SAP HANA Client | Affected: HDB_CLIENT 2.0 | |
| sap_se | sap_hana_client | Affected: HDB_CLIENT 2.0 | cpe:2.3:a:sap_se:sap_hana_client:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sap_se:sap_hana_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_hana_client",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "HDB_CLIENT 2.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T13:59:56.396341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:01:44.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP HANA Client",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "HDB_CLIENT 2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.\u003c/p\u003e"
}
],
"value": "The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T09:52:33.850Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3520100"
},
{
"url": "https://url.sap/sapsecuritypatchday"
},
{
"url": "https://www.npmjs.com/package/@sap/hana-client?activeTab=code"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Prototype Pollution vulnerability in SAP HANA Client",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-45277",
"datePublished": "2024-10-08T03:21:16.236Z",
"dateReserved": "2024-08-26T10:39:20.931Z",
"dateUpdated": "2024-10-08T14:01:44.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45815 (GCVE-0-2024-45815)
Vulnerability from cvelistv5 – Published: 2024-09-17 20:14 – Updated: 2024-09-18 14:49 – CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
| URL | Tags |
|---|---|
| https://github.com/backstage/backstage/security/a… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:49:00.159321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:49:10.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "backstage",
"vendor": "backstage",
"versions": [
{
"status": "affected",
"version": "\u003c 1.26.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed in the `1.26.0` release of the `@backstage/plugin-catalog-backend`. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T20:14:31.104Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/backstage/backstage/security/advisories/GHSA-3x3f-jcp3-g22j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-3x3f-jcp3-g22j"
}
],
"source": {
"advisory": "GHSA-3x3f-jcp3-g22j",
"discovery": "UNKNOWN"
},
"title": "Prototype pollution in @backstage/plugin-catalog-backend"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45815",
"datePublished": "2024-09-17T20:14:31.104Z",
"dateReserved": "2024-09-09T14:23:07.506Z",
"dateUpdated": "2024-09-18T14:49:10.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48910 (GCVE-0-2024-48910)
Vulnerability from cvelistv5 – Published: 2024-10-31 14:22 – Updated: 2025-11-03 20:41 – CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
| URL | Tags |
|---|---|
| https://github.com/cure53/DOMPurify/security/advi… | x_refsource_CONFIRM |
| https://github.com/cure53/DOMPurify/commit/d1dd03… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2025… | |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dompurify",
"vendor": "cure53",
"versions": [
{
"lessThan": "2.4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T15:52:58.729943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T15:55:39.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:41:01.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DOMPurify",
"vendor": "cure53",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T14:22:52.867Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr"
},
{
"name": "https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc"
}
],
"source": {
"advisory": "GHSA-p3vf-v8qc-cwcr",
"discovery": "UNKNOWN"
},
"title": "DOMPurify vulnerable to tampering by prototype polution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-48910",
"datePublished": "2024-10-31T14:22:52.867Z",
"dateReserved": "2024-10-09T22:06:46.171Z",
"dateUpdated": "2025-11-03T20:41:01.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-52441 (GCVE-0-2024-52441)
Vulnerability from cvelistv5 – Published: 2024-11-20 11:14 – Updated: 2026-04-28 16:10 – CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
| Vendor | Product | Version | CPE |
|---|---|---|---|
| Rajesh Thanoch | Quick Learn | Affected: 0, ≤ 1.0.1 (custom) | |
| rajesh_thanoch | quick_learn | Affected: 0, ≤ 1.0.1 (custom) | cpe:2.3:a:rajesh_thanoch:quick_learn:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rajesh_thanoch:quick_learn:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "quick_learn",
"vendor": "rajesh_thanoch",
"versions": [
{
"lessThanOrEqual": "1.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T16:08:07.913118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T16:09:35.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "quick-learn",
"product": "Quick Learn",
"vendor": "Rajesh Thanoch",
"versions": [
{
"lessThanOrEqual": "1.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:29:54.074Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) vulnerability in Rajesh Thanoch Quick Learn quick-learn allows Object Injection.\u003cp\u003eThis issue affects Quick Learn: from n/a through \u003c= 1.0.1.\u003c/p\u003e"
}
],
"value": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027) vulnerability in Rajesh Thanoch Quick Learn quick-learn allows Object Injection.This issue affects Quick Learn: from n/a through \u003c= 1.0.1."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:42.139Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/quick-learn/vulnerability/wordpress-quick-learn-plugin-1-0-1-php-object-injection-vulnerability?_s_id=cve"
}
],
"title": "WordPress Quick Learn plugin \u003c= 1.0.1 - PHP Object Injection vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-52441",
"datePublished": "2024-11-20T11:14:36.279Z",
"dateReserved": "2024-11-11T06:39:48.584Z",
"dateUpdated": "2026-04-28T16:10:42.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Implementation
Description:
- By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.
Mitigation
Phase: Architecture and Design
Description:
- By blocking modifications of attributes that resolve to the object prototype, such as `__proto__` or `prototype`, this weakness can be mitigated.
Mitigation
Phase: Implementation
Strategy: Input Validation
Description:
- When handling untrusted objects, validating using a schema can be used.
Mitigation
Phase: Implementation
Description:
- By using an object without a prototype (via `Object.create(null)`), adding object prototype attributes by reaching the prototype through the special attributes becomes impossible, mitigating this weakness.
Mitigation
Phase: Implementation
Description:
- Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.
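As an added example (not part of the CWE text or of any advisory above), a JavaScript deep-merge that applies three of these mitigations together: it rejects keys that resolve to the prototype, visits only own properties, and builds its result with `Object.create(null)`. The function names and the sample request body are assumptions made for the example.

```javascript
// Added example, not from the CWE page or any vendor advisory.
// Keys that resolve to the object prototype. "constructor" is included
// because obj.constructor.prototype reaches Object.prototype as well.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isForbiddenKey(key) {
  return FORBIDDEN_KEYS.has(key);
}

function isPlainObject(value) {
  return value !== null && typeof value === "object" && !Array.isArray(value);
}

// Deep-merges `source` (for example a parsed JSON request body) into a
// null-prototype `target`. Only own enumerable keys are visited, and any
// key that would resolve to the prototype makes the whole merge fail, so
// the caller can reject and log the request instead of mutating shared
// state. Nested objects are recreated with Object.create(null) as well.
function safeMerge(source, target = Object.create(null)) {
  for (const key of Object.keys(source)) {
    if (isForbiddenKey(key)) {
      throw new Error(`rejected prototype-resolving key: ${key}`);
    }
    const value = source[key];
    if (isPlainObject(value)) {
      const existing = isPlainObject(target[key]) ? target[key] : Object.create(null);
      target[key] = safeMerge(value, existing);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runtime self-check suitable for a test suite or health endpoint: a fresh
// object literal must not expose any enumerable inherited property.
function prototypeIsClean() {
  for (const key in {}) {
    return false; // something was added to Object.prototype
  }
  return true;
}

// Constructed sample input: a JSON body carrying a prototype-resolving key.
const sampleBody = '{"name":"widget","__proto__":{"isAdmin":true}}';

// True when the sample is rejected and Object.prototype is left untouched.
function rejectsSample() {
  try {
    safeMerge(JSON.parse(sampleBody));
    return false;
  } catch (e) {
    return prototypeIsClean();
  }
}
```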
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality, particularly URLs for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they are otherwise not supposed to.
CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However, configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.
CAPEC-77: Manipulating User-Controlled Variables
This attack targets user-controlled variables (DEBUG=1, PHP Globals, and so forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.