CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Description

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

Latest vulnerabilities for CWE-1321

Multiple vulnerabilities in IBM Storage Defender - Data Protect 2025-07-23
Medium Yes

Multiple vulnerabilities in IBM Security QRadar Network Threat Analytics 2025-07-23
High Yes Public exploit

Splunk DB Connect update for third-party components 2025-07-08
High Yes

Multiple vulnerabilities in IBM Cloud Pak System 2025-07-02
Medium Yes Public exploit

IBM Cloud Pak for Data System update for ejs 2025-06-19
High Yes Public exploit

IBM Cloud Pak for Data update for Natural Intelligence fast-xml-parser 2025-06-05
Medium Yes

Multiple vulnerabilities in IBM Storage Copy Data Management 2025-05-19
High Yes Public exploit

Multiple vulnerabilities in IBM Knowledge Catalog for IBM Cloud Pak for Data 2025-05-09
High Yes Public exploit

Authenticated code execution via prototype pollution in Kibana 2025-05-06
Low Yes Public exploit

IBM watsonx Orchestrate with watsonx Assistant Cartridge update for DOMPurify 2025-05-06
Medium Yes

References

Description of CWE-1321 on Mitre website