| ID | Title | Vulnerabilities | Targets | Author | Category | Published | Added |
|---|---|---|---|---|---|---|---|
| 2950 | Supply Chain Pollution: Hunting a 16 Million Download/Week npm Package Vulnerability for a CTF Challenge | Prototype pollution | Node.js third-party modules | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2020-12-23 | 2023-06-13 |
| 2185 | "A tale of making internet pollution free" - Exploiting Client-Side Prototype Pollution in the wild | Prototype pollution, XSS | Apple, Atlassian, Mozilla, HubSpot, Segment Analytics | Sergey Bobrov (@black2fan) | Bug Bounty | 2021-09-28 | 2023-06-13 |
| 2098 | Insufficient Redirect URI validation: The risk of allowing to dynamically add arbitrary query parameters and fragments to the redirect_uri | OAuth, Prototype pollution | GitHub, Microsoft, StackExchange | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2021-11-06 | 2023-06-13 |
| 1621 | Prototype Pollution in fast-xml-parser | Prototype pollution | NA | Sudhanshu Rajbhar (@sudhanshur705) | Bug Bounty | 2022-04-14 | 2023-06-13 |
| 1443 | Widespread prototype pollution gadgets | Prototype pollution | NA | Gareth Heyes (@garethheyes) | Bug Bounty | 2022-06-21 | 2023-06-13 |
| 1380 | Remote Code Execution via Prototype Pollution in Blitz.js | Prototype pollution, RCE | Blitz.js | Paul Gerste | Bug Bounty | 2022-07-12 | 2023-06-13 |
| 1251 | Mining Node.js Vulnerabilities via Object Dependence Graph and Query | RCE, OS command injection, Prototype pollution, Path traversal | NA | Song Li | Bug Bounty | 2022-08-10 | 2023-06-13 |
| 1186 | But You Told Me You Were Safe: Attacking The Mozilla Firefox Renderer (Part 1) | Browser hacking, RCE, Prototype pollution | Mozilla | Hossein Lotfi (@hosselot) | Bug Bounty | 2022-08-23 | 2023-06-13 |
| 1054 | TypeORM Prototype Pollution Leading To SQL Injection (CVE-2022-36531) | DoS, SQL injection | TypeORM | Norbert Szetei (@73696e65) | Bug Bounty | 2022-09-21 | 2023-06-13 |
| 838 | Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js | RCE, Prototype pollution, DoS | Rocket.Chat, NPM CLI, Parse Server, Node.js | Mikhail Shcherbakov | Bug Bounty | 2022-11-11 | 2023-06-13 |
| 618 | Prototype Pollution in Python | Prototype pollution, DoS | NA | Abdulraheem Khaled (@Abdulrah33mK) | Bug Bounty | 2023-01-04 | 2023-06-13 |
| 443 | Detecting Server-Side Prototype Pollution | Server-side prototype pollution | NA | Daniel Thatcher (@_danielthatcher) | Bug Bounty | 2023-02-15 | 2023-06-13 |
| 442 | Server side prototype pollution, how to detect and exploit | Server-side prototype pollution, RCE | NA | BitK (@BitK_) | Bug Bounty | 2023-02-15 | 2023-06-13 |
| 441 | Server-side prototype pollution: Black-box detection without the DoS | Server-side prototype pollution, RCE | NA | Gareth Heyes (@garethheyes) | Bug Bounty | 2023-02-15 | 2023-06-13 |
| 414 | Vulnerability write-up - "Dangerous assumptions" | Prototype pollution, SQL injection, Security code review | DIVD | Thomas Rinsma (@thomasrinsma) | Bug Bounty | 2023-02-22 | 2023-06-13 |
| 327 | EJS - Server Side Prototype Pollution gadgets to RCE | Server-side prototype pollution, RCE, Security code review | Node.js third-party modules (EJS) | Mizu (@kevin_mizu) | Bug Bounty | 2023-03-09 | 2023-06-13 |
| 269 | Exploiting prototype pollution in Node without the filesystem | Server-side prototype pollution, RCE | NA | Gareth Heyes (@garethheyes) | Bug Bounty | 2023-03-23 | 2023-06-13 |
| 240 | Finding RCE in NodeJS templating engine 'Eta' - CVE-2022-25967 | RCE, Server-side prototype pollution, Security code review | Eta | Rayhan Ahmed Niloy (@Rayhan0x01) | Bug Bounty | 2023-04-01 | 2023-06-13 |
| 214 | A successful prototype pollution chained to a DOM XSS | Prototype pollution, DOM XSS | NA | Allam Rachid (@blank_cold) | Bug Bounty | 2023-04-10 | 2023-06-13 |
| 33 | Prototype Pollution Akamai | Client-side prototype pollution, WAF bypass | NA | Sudhanshu Rajbhar (@sudhanshur705) | Bug Bounty | 2023-06-03 | 2023-06-13 |