Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Ajv
- Angular
- Apollo
- Argon2
- Audit
- Aws-lambda
- Axios
- Bluebird
- Browser
- Chrome-remote-interface
- Crypto
- Deno
- Express
- Fbjs
- Firebase
- Grpc
- Intercom
- Jose
- Jquery
- Jsonwebtoken
- Jssha
- Jwt-simple
- Knex
- Lang
- Best practice
- Correctness
- Hardcoded
- Security
- Security
- Monaco-editor
- Mongodb
- Mongoose
- Mssql
- Mysql
- Node-expat
- Passport-jwt
- Pg
- Phantom
- Playwright
- Puppeteer
- React
- Sandbox
- Sax
- Sequelize
- Serialize-javascript
- Shelljs
- Superagent
- Thenify
- Vm2
- Vue
- Wkhtmltoimage
- Wkhtmltopdf
- Xml2json
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Prototype pollution
Possibility of prototype polluting function detected. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf). Possible mitigations might be: freezing the object prototype, using an object without prototypes (via Object.create(null) ), blocking modifications of attributes that resolve to object prototype, using Map instead of object.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes
OWASP:
- A08:2021 - Software and Data Integrity Failures
Possibility of prototype polluting assignment detected. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf). Possible mitigations might be: freezing the object prototype, using an object without prototypes (via Object.create(null) ), blocking modifications of attributes that resolve to object prototype, using Map instead of object.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes
OWASP:
- A08:2021 - Software and Data Integrity Failures