logo

Database

Prototype Pollution

Description

An application object, method or module can be overwritten with malicious logic due to the lack of validations and the nature of the JavaScript language.

Impact

- Overwrite or pollute the behavior of existing methods in the application. - Lead to dangerous vulnerabilities such as XSS, SQLi, RCE, among others.

Recommendation

- Implement integrity validations on the vulnerable objects. - Restrict and Discourage the use harmful properties such as _proto_ in the system objects.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

173 - Discard unsafe inputs

Fixes

Score

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

Attack vector

N

Attack complexity

H

Attack requirements

N

Privileges required

L

User interaction

N

Confidentiality (VC)

N

Integrity (VI)

L

Availability (VA)

N

Confidentiality (SC)

N

Integrity (SI)

N

Availability (SA)

N

Threat 4.0

Exploit maturity

P

Vector string

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P