Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
Impact
Elysia cookie can be overridden by prototype pollution , eg. __proto__
Sending cookie with the follows name can override cookie value:
__proto__=%7B%22injected%22%3A%22polluted%22%7DPatches
Patched by 1.4.27
Workarounds
- Use t.Cookie validation to enforce validation value
- Prevent iterable over cookie if possible
AnalysisAI
Elysia (npm package, versions prior to 1.4.27) is vulnerable to prototype pollution through maliciously crafted cookie names, allowing unauthenticated attackers to override application cookie values and potentially inject arbitrary data into the application's object prototype. With a CVSS score of 6.5 and network-accessible attack vector requiring no privileges or user interaction, attackers can manipulate cookie handling to gain limited information disclosure and integrity compromise. A proof-of-concept exploit demonstrating the __proto__ injection vector exists in the GitHub advisory.
Technical ContextAI
Elysia is a popular Node.js web framework (CPE: pkg:npm/elysia) that handles HTTP cookie parsing and management. The vulnerability stems from CWE-1321 (Prototype Pollution), a class of code injection flaws where attacker-controlled input is merged into JavaScript objects without proper sanitization, allowing modification of the Object prototype itself. When Elysia processes incoming HTTP cookies, it fails to filter or validate special property names like __proto__, constructor, and prototype. An attacker sending a crafted cookie header with a name such as __proto__=%7B%22injected%22%3A%22polluted%22%7D (URL-encoded JSON) causes the cookie parsing logic to pollute the prototype chain, affecting all objects created subsequently in that application process. This is a server-side code injection vulnerability triggered through the HTTP Cookie header (CWE-1321 encompasses unsafe object merging patterns).
RemediationAI
Immediately upgrade Elysia to version 1.4.27 or later, which includes the patch committed at e9d6b1743fa7368ef942dce181f6a089757f6aab (visible in the GitHub advisory at https://github.com/elysiajs/elysia/security/advisories/GHSA-8hq9-phh3-p2wp). For applications unable to patch immediately, implement the following workarounds: (1) Apply strict validation to all cookie values using Elysia's t.Cookie validation schema to reject cookies with suspicious or unexpected structures, (2) minimize iteration over cookie objects in application code to reduce the window for prototype pollution exploitation, and (3) consider disabling or restricting cookie handling at the reverse proxy or WAF layer if feasible. Test patches in staging environments before production deployment to ensure compatibility with existing cookie-dependent application logic.
More in Prototype Pollution
View allPrototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execu
Prototype pollution in the farinspace Partners WordPress plugin (versions up to and including 0.2.0) enables remote unau
Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service
A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code vi
A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper s
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitr
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Ser
alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/inde
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConf
A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 all
Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Rated critical severity (CVSS 9.8), this
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12749
GHSA-8hq9-phh3-p2wp