

Prototype pollution is a vulnerability that enables threat actors to exploit JavaScript runtimes. In a prototype pollution attack, threat actors inject properties into existing JavaScript construct prototypes, attempting to compromise the application. This vulnerability is called prototype pollution because it allows threat actors to inject values that overwrite or pollute the “prototype” of a base object. This malicious prototype can pass to many other objects that inherit that prototype. Once threat actors can control the default values of the object’s properties, they can tamper with the application’s logic. This can lead to denial of service (DoS) or remote code execution (RCE).

How Do Prototype Pollution Vulnerabilities Happen?

Prototype pollution was introduced when the European Association of Computer Manufacturers (ECMA) published the ECMAScript2015, 6th Edition specification. This specification created a JavaScript standard that ensures compatibility across various web browsers.

The specification includes standardization of the __proto__ feature, a special attribute that refers to Prototypes of an object. All JavaScript objects now have this attribute, and __proto__ itself is also defined as an object. Everything you type in JavaScript (except primitives) is an object. “Prototype” refers to a mechanism that enables JavaScript objects to inherit features from one another. Furthermore, an object Prototype may have other Prototypes nested under it, and can inherit Prototypes from other objects.
