Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
setPath in @rvf/set-get (used by @rvf/core to flatten incoming form data into a nested object) does not block the keys __proto__, constructor, or prototype when walking a path. Because field names in submitted form data are passed directly to setPath via preprocessFormData (and through parseFormData / validate), an attacker who can submit a form to a Remix / React Router app using the library can set arbitrary properties on Object.prototype of the running server process.
This is a default-reachable prototype pollution primitive: no special configuration is required. Any endpoint that accepts a form via parseFormData or runs a validator created with createValidator is affected.
Affected versions
@rvf/set-get< 7.0.2(7.x line)@rvf/set-get< 6.0.4(6.x line)
Reached through @rvf/core versions that depend on a vulnerable @rvf/set-get (current 8.1.0 resolves to 7.0.1 without the override).
Patched
@rvf/set-get7.0.2@rvf/set-get6.0.4
The fix adds a REJECT_KEYS blocklist (__proto__, constructor, prototype) and throws when one is encountered while walking a path inside setPath.
Proof of concept
Install a vulnerable resolution and run on Node 18+:
{
"dependencies": { "@rvf/core": "8.1.0" },
"overrides": { "@rvf/set-get": "7.0.1" }
}const { preprocessFormData } = require('@rvf/core');
const form = new FormData();
form.append("username", "alice");
form.append("__proto__[polluted]", "yes");
preprocessFormData(form);
console.log(({}).polluted); // -> 'yes'The field name __proto__[polluted] is the kind of value an attacker can submit from any HTML form or HTTP client. After the call, every plain object in the process inherits polluted = 'yes'.
A second working payload is constructor.prototype.<key>=<value>, which goes through setPath walking constructor then prototype.
Impact
- Any property assignable on
Object.prototypeof the server process, set by a single unauthenticated HTTP request. - Persists for the life of the worker process and affects every subsequent request handled by the same process.
- Direct downstream consequences depend on the host application and the rest of its dependency tree, but typical risks include: bypassing
if (obj.isAdmin)style checks, injecting unintended config values into objects merged with user input, breaking template rendering, and crashing the worker by polluting properties used by other libraries (DoS). - Worth noting: the visible output of
preprocessFormDatadoes not contain the malicious key, so the attack leaves no obvious trace in request logs that show parsed bodies.
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L (8.2, High)
Integrity is High because the primitive lets the attacker change the meaning of property reads on every object in the process. Confidentiality is None and Availability is Low without a named downstream gadget; both could be higher in a specific consuming app.
Remediation for users
Upgrade to @rvf/set-get 7.0.2 or 6.0.4. If you cannot upgrade @rvf/core directly, an npm / pnpm override on @rvf/set-get works.
Credit
Reported by Mohamed Bassia (@0xBassia).
AnalysisAI
Prototype pollution in @rvf/set-get allows remote attackers to modify Object.prototype on Node.js servers processing form data via Remix or React Router applications. The setPath function fails to block dangerous property keys (__proto__, constructor, prototype) when flattening form submissions, enabling unauthenticated attackers to inject arbitrary properties into all JavaScript objects across the server process with a single malformed HTTP request. Working proof-of-concept code is publicly available demonstrating property injection via field names like '__proto__[polluted]'. The vulnerability affects default configurations with no special setup required - any endpoint using parseFormData or createValidator is exploitable. CVSS 8.2 High severity driven by network attack vector (AV:N), low complexity (AC:L), and no authentication requirement (PR:N), with high integrity impact from the ability to alter application logic process-wide.
Technical ContextAI
The vulnerability exists in the @rvf/set-get library (NPM packages pkg:npm/@rvf_set-get versions 6.x < 6.0.4 and 7.x < 7.0.2), which provides path-based object property setting for form data processing in Remix and React Router server-side applications. The core issue is a CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes) flaw in the setPath function, which walks object paths derived from untrusted form field names without sanitizing JavaScript's special prototype chain properties. When user-controlled form data containing field names like '__proto__[key]' or 'constructor.prototype[key]' is passed through preprocessFormData (exposed via @rvf/core), the library sets properties directly on Object.prototype. This is a classic prototype pollution vulnerability where JavaScript's prototypal inheritance mechanism is exploited: polluting Object.prototype means every plain object {} in the Node.js process inherits the injected properties. The @rvf/core library version 8.1.0 transitively depends on the vulnerable @rvf/set-get 7.0.1, making the attack surface any server-side form handling endpoint in applications using the RVF (Remix Validated Form) ecosystem.
RemediationAI
Upgrade @rvf/set-get to version 7.0.2 (for 7.x users) or 6.0.4 (for 6.x users), which introduce a REJECT_KEYS blocklist that throws an error when __proto__, constructor, or prototype appear in form field paths. For applications using @rvf/core 8.1.0 or other versions with transitive dependencies on vulnerable @rvf/set-get, apply a package manager override to force resolution to the patched version: in package.json add '"overrides": { "@rvf/set-get": "7.0.2" }' for NPM/Yarn or use the equivalent pnpm.overrides mechanism. Verify the override took effect by checking node_modules/@rvf/set-get/package.json for version 7.0.2 or 6.0.4 after reinstalling dependencies. If immediate upgrade is blocked, implement a temporary input validation layer that rejects form submissions containing field names matching the pattern /__proto__|constructor|prototype/ before they reach preprocessFormData - note this workaround must be applied at the HTTP request parsing layer, not after @rvf processing, and may break legitimate use cases if applications intentionally use these strings in field names (unlikely but verify). The blocklist workaround is brittle and should be replaced with the vendor patch as soon as possible. Consult the GitHub advisory at https://github.com/airjp73/rvf/security/advisories/GHSA-c567-44rc-m5hq for additional context.
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32564
GHSA-c567-44rc-m5hq