Prototype Pollution in rdf-graph-array through 0.3.0-rc6: Manipulation of JavaScript Objects via rdf.Graph.prototype.add

Prototype Pollution in rdf-graph-array through 0.3.0-rc6: Manipulation of JavaScript Objects via rdf.Graph.prototype.add

CVE-2019-10798 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects resutling in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype.

Learn more about our Web Application Penetration Testing UK.