11 matches found
CVE-2026-46510
form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate...
CVE-2026-46510
CVE-2026-46510 affects form-data-objectizer
CVE-2026-46510 Prototype pollution in form-data-objectizer via bracket-notation form keys
form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate...
CVE-2026-46510
form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate...
EUVD-2026-33321
form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate...
CVE-2026-46510 Prototype pollution in form-data-objectizer via bracket-notation form keys
form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate...
NPM: form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys
NPM: form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys vulnerability discovered by ? in WordPress Npm form-data-objectizer versions = 1.0.0...
form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys
Summary form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate Object.prototype, which is a prototype pollution primitive of th...
GHSA-M2HG-WJQ3-28WQ form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys
Summary form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate Object.prototype, which is a prototype pollution primitive of th...
PT-2026-41696
Name of the Vulnerable Software and Affected Versions form-data-objectizer versions prior to 1.0.1 Description The software fails to filter proto , constructor, or prototype when converting FormData to objects using bracket-notation form keys. An attacker can submit a single HTTP form field with ...
CVE-2026-46510
creationtimestamp| type| source ---|---|--- 2026-05-11 16:10:55+00:00| published-proof-of-concept| https://github.com/kaspernj/form-data-objectizer/security/advisories/GHSA-m2hg-wjq3-28wq 2026-05-29 15:00:35+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmyshpa7fd2v...