AIKIDO-2025-10708
jquery.datatables is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
73
High Risk
This Affects:
jquery.datatablesTL;DR
This package is vulnerable to prototype pollution in the _fnSetObjectDataFn(...) function, where an attacker could exploit unsanitized property paths by submitting malicious input containing dangerous property names like proto, constructor, or prototype to modify the Object prototype, potentially leading to application behavior manipulation, security control bypass, or denial of service. jquery.datatables is unmaintained and no longer receiving security updates, so it it is recommended to migrate to the datatables.net library version 1.10.23 or later.
Who does this affect?
You are affected if you are using the jquery.datatables package.
Background info
jquery.datatables is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in versions 0.0.1 - 1.10.15.
How to fix this
Migrate to the datatables.net library version 1.10.23 or later.
Links
CVE Detail
Other
github.com/DataTables/Dist-DataTables/blob/master/js/jquery.dataTables.js%23L2766
security.netapp.com/advisory/ntap-20240621-0006/snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1051961snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1051962snyk.io/vuln/SNYK-JS-DATATABLESNET-1016402snyk.io/vuln/SNYK-JS-DATATABLESNET-598806
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
SOC 2Compliant
ISO 27001Compliant