CWE-1321Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Description

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

Common consequences

• Confidentiality,Integrity,Availability→Read Application Data,Modify Application Data
  This weakness is usually exploited by using a special attribute of objects called proto, constructor, or prototype. Such attributes give access to the object prototype. An attacker can inject attributes that are used in other components by
• Availability→DoS: Crash, Exit, or Restart
  An attacker can override existing attributes with ones that have incompatible type, which may lead to a crash.

Potential mitigations

• Implementation
  By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.
• Architecture and Design
  By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.
• Implementation
  When handling untrusted objects, validating using a schema can be used.
• Implementation
  By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.
• Implementation
  Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.

Related CWEs

Recent CVEs classified under this CWE