Improperly Controlled Modification of Dynamically-Determined Object Attributes
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes |
| OWASP | A08:2021 - Software and Data Integrity Failures |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
This code may allow properties to be added or modified on the Object prototype, which can unintentionally affect all objects in the application. Such changes can occur when assigning to object properties using untrusted or dynamic keys in loops.
Impact#
If exploited, an attacker could inject or overwrite properties across all objects, potentially bypassing security checks or altering critical application behavior. This can lead to data corruption, privilege escalation, or application instability, making the system vulnerable to further attacks.