The challenge shows a variant of JavaScript’s Prototype Pollution in Python. Specially crafted JSON input can tamper with existing classes and modify their behaviour.
I have implemented this vulnerability the popular FastAPI framework.
Link to the challenge: Class Pollution.py
Give it a try and let’s us know what you think.