Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js. (arXiv:2207.11171v1 [cs.CR])

Prototype pollution is a dangerous vulnerability affecting prototype-based
languages like JavaScript and the Node.js platform. It refers to the ability of
an attacker to inject properties into an object's root prototype at runtime and
subsequently trigger the execution of legitimate code gadgets that access these
properties on the object's prototype, leading to attacks such as DoS, privilege
escalation, and remote code execution (RCE). While there is anecdotal evidence
that prototype pollution leads to RCE, current research does not tackle the …

code code execution js node node.js remote code execution spring