Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
NodeBB is open source, Node.js-based forum software. Because a plain object with a prototype is used in socket.io message handling, a specially crafted payload can be used to impersonate other users and take over accounts. This vulnerability affects versions prior to 2.6.1. Users are advised to upgrade.
CWE-1321 - Prototype Pollution
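The following is an added example, not NodeBB's code and not part of the advisory: a hypothetical event dispatcher showing how a handler table built on a plain object lets client-chosen names resolve to inherited `Object.prototype` members, next to two hardened forms. All names (`makeTable`, `resolve`, `resolveOwn`, `reachable`, the `user.getProfile` event) are assumptions for illustration.

```javascript
// Hypothetical dispatcher (not NodeBB's code): a dotted event name chosen by
// the client, e.g. "user.getProfile", is resolved by walking a handler table.

// Build the same handler table on top of a given prototype.
// proto = Object.prototype gives ordinary "{}" objects; proto = null gives
// objects with no inherited members at all.
function makeTable(proto) {
  const root = Object.create(proto);
  root.user = Object.create(proto);
  root.user.getProfile = () => 'profile';
  return root;
}

// Weak lookup: a plain property read follows the prototype chain, so names
// the application never registered can still resolve to a function.
function resolve(root, eventName) {
  let node = root;
  for (const part of eventName.split('.')) {
    if (node === null || node === undefined) return undefined;
    node = node[part];
  }
  return typeof node === 'function' ? node : undefined;
}

// Hardened lookup: every step must be an own property of an object.
function resolveOwn(root, eventName) {
  let node = root;
  for (const part of eventName.split('.')) {
    if (typeof node !== 'object' || node === null) return undefined;
    if (!Object.prototype.hasOwnProperty.call(node, part)) return undefined;
    node = node[part];
  }
  return typeof node === 'function' ? node : undefined;
}

// Constructed sample input: one registered event and four that are not.
const SAMPLE_NAMES = ['user.getProfile', 'toString', 'hasOwnProperty',
                      'user.valueOf', 'user.missing'];

// Which of the sample names end up callable under a given table and resolver?
function reachable(root, resolver) {
  return SAMPLE_NAMES.filter((name) => resolver(root, name) !== undefined);
}

console.log('plain object table   :', reachable(makeTable(Object.prototype), resolve));
console.log('null-prototype table :', reachable(makeTable(null), resolve));
console.log('own-property lookup  :', reachable(makeTable(Object.prototype), resolveOwn));
```

Either hardening closes the gap on its own; combining a null-prototype table with an own-property check keeps the lookup safe if one of the two is later removed.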