| Details | |
|---|---|
| Alert ID | 210008 |
| Alert Type | Tool |
| Status | alpha |
| Risk | High |
| CWE | 1321 |
| WASC | |
| Technologies Targeted | All |
| Tags | CWE-1321 OWASP_2021_A08 OWASP_2025_A05 TOOL_PTK |
Summary
A tainted value was previously written to an object prototype, and the init fields that fetch() inherited from that prototype were influenced by it. Generated by OWASP PTK IAST Module.
Solution
- Reject `__proto__`, `constructor`, and `prototype` keys during object merge and parsing.
- Use safe merge utilities and create null-prototype maps where appropriate.

Other Info
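The two points in the Solution above, shown as an added example that is not code from OWASP PTK or ZAP: a naive recursive merge next to a merge that rejects the dangerous keys, plus a null-prototype `fetch()` init builder. The function names, the allow-list of init fields and the JSON payload are assumptions constructed for illustration.

```javascript
// Added example, not OWASP PTK or ZAP code; names and payload are constructed.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);
const INIT_FIELDS = ["method", "headers", "body", "credentials", "mode", "redirect"];
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const isPlainValue = (v) => v === null || typeof v !== "object" || Array.isArray(v);

// Vulnerable pattern: target["__proto__"] resolves to Object.prototype, so the
// recursion writes attacker-controlled fields onto every object's prototype.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainValue(value)) { target[key] = value; continue; }
    if (isPlainValue(target[key])) target[key] = {};
    unsafeMerge(target[key], value);
  }
  return target;
}

// Hardened merge: rejects dangerous keys, recurses only into own null-prototype maps.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) throw new TypeError(`rejected key: ${key}`);
    const value = source[key];
    if (isPlainValue(value)) { target[key] = value; continue; }
    if (!hasOwn(target, key) || isPlainValue(target[key])) target[key] = Object.create(null);
    safeMerge(target[key], value);
  }
  return target;
}

// fetch() reads init fields by ordinary property lookup, so copy own fields only.
function buildFetchInit(options) {
  const init = Object.create(null);
  for (const f of INIT_FIELDS) if (hasOwn(options, f)) init[f] = options[f];
  return init;
}

function demo() {
  const payload = JSON.parse('{"__proto__": {"method": "POST"}}'); // constructed input
  const out = {};
  try {
    unsafeMerge({}, payload);
    out.inherited = ({}).method; // a plain {} init now inherits the tainted field
    out.hardened = buildFetchInit({ headers: {} }).method; // null prototype: no inheritance
  } finally {
    delete Object.prototype.method; // undo the demo pollution
  }
  try { safeMerge({}, payload); out.rejected = false; } catch (e) { out.rejected = e instanceof TypeError; }
  return out;
}
```

`demo()` returns `inherited: "POST"` for the naive merge, `hardened: undefined` for the null-prototype init, and `rejected: true` for the hardened merge.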
References
- https://owasp.org/www-community/attacks/Prototype_Pollution
- https://cwe.mitre.org/data/definitions/1321.html