This is a very underated and less known vulnerability that happens most commonly in Javascript based applications and is specially dangrous when its running on the backend servers (Node.Js being the most common culprit).

This mainly happens due to how JS works and its prototype based nature as when new objects are created they carry over properties and methods of the prototype object. (Ex. toString, constructor). This provides a lot of flexibility to Javascript but at the same time, makes it vulnerable.

For Ex. a malicious actor can make application wide changes which will effect all objects and they dont even need to directly modify the object they can access it through the __proto__ property of a js object and once that object is changed all objects in the applications have that change applied to them.

A lot of the common attacks against this vulnerability involve adding properties and methods to manipulate the application flow.

Resources Used :

PortSwigger Prototype Pollution:

AST Injection, Prototype Pollution to RCE :

Link: | From the show Tokyo Revengers