Prototype pollution is a JavaScript vulnerability that enables an attacker to add arbitrary properties to global object prototypes, which may then be inherited by user-defined objects.
- Prototype pollution: The dangerous and underrated vulnerability impacting JavaScript applications (PortSwigger)
- HTB CTF Write-up: Gunship
- AST Injection, Prototype Pollution to RCE.
💡 See labs WebSecurityAcademy (PortSwigger) – Prototype pollution.