REPRO-2026-00097 CRITICAL DoS
Verified
CASL Ability: Prototype Pollution via Condition Handling
@casl/ability (npm) Feb 19, 2026
What's the vulnerability?
CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability.
One Command
Verify with pruva-verify
Run the Pruva CLI to automatically fetch and execute the reproduction script.
pruva-verify REPRO-2026-00097
or
pruva-verify GHSA-x9vf-53q3-cvx6
or
pruva-verify CVE-2026-1774
Install:
curl -fsSL https://pruva.dev/install.sh | sh
Or Run Manually
1. Download the script
curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00097/artifacts/repro/reproduction_steps.sh
2. Make executable
chmod +x reproduction_steps.sh
3. Run the script
./reproduction_steps.sh
Run in a VM, container, or disposable environment. This exploits a real vulnerability.
Artifacts
repro/reproduction_steps.sh (3.9 KB)
repro/rca_report.md (7.4 KB)
bundle/ticket.json (4.2 KB)
bundle/ticket.md (1.3 KB)
bundle/source.json (2.2 KB)
repro/casl/ (CASL repository source tree)
logs/npm_install_current.log (0.1 KB)
logs/npm_install_vuln.log (0.2 KB)
logs/npm_install_fixed.log (0.1 KB)
logs/test_vulnerable.log (0.2 KB)
logs/test_fixed.log (0.2 KB)
logs/variant1.log (0.1 KB)
logs/variant2.log (0.1 KB)
logs/variant3.log (0.1 KB)
logs/variant4.log (0.2 KB)
logs/variant5.log (0.1 KB)
logs/variant6.log (0.3 KB)
logs/variant7.log (0.1 KB)
logs/variant8.log (0.1 KB)