Sign In

CVE-2026-35209

ADVISORY - github

Summary

Impact

Applications that pass unsanitized user input (e.g. parsed JSON request bodies, database records, or config files from untrusted sources) as the first argument to defu() are vulnerable to prototype pollution.

A crafted payload containing a __proto__ key can override intended default values in the merged result:

import { defu } from 'defu'

const userInput = JSON.parse('{"__proto__":{"isAdmin":true}}')
const config = defu(userInput, { isAdmin: false })

config.isAdmin // true — attacker overrides the server default

Root Cause

The internal _defu function used Object.assign({}, defaults) to copy the defaults object. Object.assign invokes the __proto__ setter, which replaces the resulting object's [[Prototype]] with attacker-controlled values. Properties inherited from the polluted prototype then bypass the existing __proto__ key guard in the for...in loop and land in the final result.

Fix

Replace Object.assign({}, defaults) with object spread ({ ...defaults }), which uses [[DefineOwnProperty]] and does not invoke the __proto__ setter.

Affected Versions

<= 6.1.4

Credits

Reported by @BlackHatExploitation

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Impacted images

Advisories

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-737v-mqg7-c878
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1321

CVSS SCORE

7.5high