This week’s release introduces new detections for Prototype Pollution across three common vectors: URI, Body, and Header/Form.
Key Findings
- These attacks can affect both API and web applications by altering normal behavior or bypassing security controls.
Impact
Exploitation may allow attackers to change internal logic or cause unexpected behavior in applications using JavaScript or Node.js frameworks. Developers should sanitize input keys and avoid merging untrusted data structures.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 32405a50728746dd8caa057b606285e6 | N/A | Generic Rules – Prototype Pollution – URI | Log | Disabled | This is a new detection |
| Cloudflare Managed Ruleset | a7da00c63c4243d2a72456fe4f59ff26 | N/A | Generic Rules – Prototype Pollution – Body | Log | Disabled | This is a new detection |
| Cloudflare Managed Ruleset | 833078bdcfa04bb7aa7b8fb67efbeb39 | N/A | Generic Rules – Prototype Pollution – Header – Form | Log | Disabled | This is a new detection |
Source: Cloudflare
Latest Posts
- (Updated) Realtime voice is now available in M365 Copilot Chat and M365 Copilot [MC1085684]
- (Updated) Microsoft 365 Copilot Chat: New ways to include files and emails in prompts [MC1139489]
- (Updated) Microsoft 365 Copilot: New ways to include files and emails as part of prompts in chat web scope [MC1139488]
- (Updated) Microsoft SharePoint: Update to News web part “See all” experience [MC1182713]
![Power Platform – Upcoming enforcement of tenant isolation [MC1184591]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-steve-26628057-150x150.webp "Power Platform - Upcoming enforcement of tenant isolation [MC1184591] 6")
