Description

An application object, method or module can be overwritten with malicious logic due to the lack of validations and the nature of the JavaScript language.

Impact

- Overwrite or pollute the behavior of existing methods in the application.
- Lead to dangerous vulnerabilities such as XSS, SQLi, RCE, among others.

Recommendation

- Implement integrity validations on the vulnerable objects.
- Restrict and discourage the use of harmful properties such as __proto__ in the system objects.
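
The two recommendations above, as an added example that is not part of the original page: a recursive merge that lets a __proto__ key reach Object.prototype, next to a hardened merge and an integrity check on the prototype. The names unsafeMerge, safeMerge, pollutedKeys and the isAdmin payload are constructed for illustration.

```javascript
// Added example; helper names and the payload are constructed for illustration.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Vulnerable: recurses into target['__proto__'], which is Object.prototype.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isPlainObject(source[key]) && isPlainObject(target[key])) {
      unsafeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened: drops prototype-reaching keys and only descends into own properties.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (!isPlainObject(value)) { target[key] = value; continue; }
    const own = Object.prototype.hasOwnProperty.call(target, key);
    if (!own || !isPlainObject(target[key])) target[key] = {};
    safeMerge(target[key], value);
  }
  return target;
}

// Integrity validation: snapshot Object.prototype at startup, diff it later.
const BASELINE = new Set(Reflect.ownKeys(Object.prototype));
const pollutedKeys = () => Reflect.ownKeys(Object.prototype).filter((k) => !BASELINE.has(k));

function demo() {
  const payload = JSON.parse('{"theme":"dark","__proto__":{"isAdmin":true}}');
  unsafeMerge({}, payload);
  const unsafe = { polluted: ({}).isAdmin === true, detected: pollutedKeys() };
  delete Object.prototype.isAdmin; // restore the prototype before the second run
  const merged = safeMerge({}, payload);
  const safe = { polluted: ({}).isAdmin === true, detected: pollutedKeys(), theme: merged.theme };
  return { unsafe, safe };
}

console.log(demo());
```

Calling Object.freeze(Object.prototype) at startup is a further restriction that makes the unsafe write fail, but it can break libraries that extend built-in prototypes.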

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 60 minutes.

Fixes