Prototype Pollution

Severity: Low

Summary

Invicti identified a potential Prototype Pollution vulnerability in the application.

Regular expressions identified fragments of code indicative of potentially vulnerable libraries. It's important to note that the webpage may not utilize all parts of the JavaScript file.

Impact

Attackers can manipulate object prototypes, leading to unexpected behavior, data tampering, and potential compromise of the application.

Actions To Take

  1. Investigate the issue manually to confirm and address Prototype Pollution.
  2. Update relevant libraries or frameworks to versions that address known Prototype Pollution vulnerabilities.
  3. See the Remediation section for the solution.

Remediation

Use the Object.freeze() method on critical objects, such as Object.prototype, to prevent modification of properties and the addition of new properties. Alternatively, consider using Object.seal() if changes to existing property values are allowed.
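The difference between the two methods can be checked directly. The following is an added example, not Invicti's code or code from any scanned library: `naiveMerge` and `runScenario` are hypothetical names, the input is constructed, and a stand-in object plays the role of Object.prototype so the real one is never touched.

```javascript
// Added example: a stand-in prototype is used so the global Object.prototype
// is never modified. naiveMerge and runScenario are hypothetical names.

// Recursive merge (constructed) that does not filter the "__proto__" key.
function naiveMerge(target, source) {
  'use strict'; // writes to a sealed or frozen object throw TypeError
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      naiveMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// protect is null, Object.seal or Object.freeze.
function runScenario(protect) {
  const sharedProto = { role: 'guest' }; // plays the part of Object.prototype
  if (protect) protect(sharedProto);
  const config = Object.create(sharedProto);
  // Constructed untrusted input; JSON.parse makes "__proto__" an own key.
  const untrusted = JSON.parse('{"__proto__": {"role": "admin", "isAdmin": true}}');
  let blocked = false;
  try {
    naiveMerge(config, untrusted);
  } catch (err) {
    if (!(err instanceof TypeError)) throw err;
    blocked = true;
  }
  // An unrelated object that inherits from the same prototype.
  const other = Object.create(sharedProto);
  return { blocked, role: other.role, isAdmin: other.isAdmin };
}

console.log('unprotected:', runScenario(null));
console.log('sealed:     ', runScenario(Object.seal));
console.log('frozen:     ', runScenario(Object.freeze));
```

Sealing stops the new `isAdmin` property but still lets the existing `role` value be overwritten, while freezing blocks both. Freezing Object.prototype also makes plain assignments that shadow an inherited name such as `toString` fail, so test dependencies before enabling it.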
