A Pentester’s Guide to Prototype Pollution Attacks

January 10, 2023

Prototype pollution is a security vulnerability that allows attackers to exploit JavaScript runtimes. In this attack, the attacker injects properties into the prototypes of existing JavaScript constructs to manipulate the application. Before diving into the different attack scenarios, let’s understand how prototype pollution came into the picture.

To maintain compatibility between web pages across web browsers, ECMA (European Computer Manufacturers Association) released a new specification, ECMAScript 2015, 6th Edition. The specification standardizes the __proto__ feature, a unique attribute related to an object's prototype. This attribute is present in all JavaScript objects, and __proto__ is itself specified as an object. The technique that lets JavaScript objects inherit features from one another is called a "prototype."