Prototype Pollution

Example 1: JavaScript

Vulnerable Code:

javascriptCopy codelet user = JSON.parse(req.body.user);

Reason for vulnerability: If req.body.user contains __proto__, it can pollute the object prototype.

Fixed Code:

javascriptCopy codelet user = JSON.parse(req.body.user);
if (user.hasOwnProperty('__proto__')) {
    throw new Error('Prototype pollution attempt detected');
}

Reason for fix: Check for the presence of __proto__ and prevent prototype pollution.

Example 2: JavaScript

Vulnerable Code:

javascriptCopy codelet user = Object.assign({}, req.body);

Reason for vulnerability: If req.body contains __proto__, it can pollute the object prototype.

Fixed Code:

javascriptCopy codelet user = Object.assign({}, req.body);
if (user.hasOwnProperty('__proto__')) {
    throw new Error('Prototype pollution attempt detected');
}

Reason for fix: Check for the presence of __proto__ and prevent prototype pollution.

PreviousRFI NextConnection String Injection

Last updated 11 months ago