The `parse` function is vulnerable to Prototype Pollution.

Example:

```js
var query = require('querystring');
query.parse('__proto__[123]=VULN');
```

An attacker could set the property `Object.prototype[NUMBER]`, which could result in XSS.

Example of XSS exploitation in combination with the Knockout.js library (only numeric-only keys are used): https://github.com/BlackFan/client-side-prototype-pollution/blob/master/gadgets/knockout.md

Originally found by @masatokinugawa in a third-party library that uses `component/querystring`.
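Added example, not code from the component/querystring project or from the reporter: a small model of a querystring parser that handles `key[index]=value` pairs the way the `__proto__[123]=VULN` payload above expects (the regex shape is an assumption), with the vulnerable form next to one hardened form and a check a consumer can run to detect pollution of `Object.prototype`.

```javascript
// Added example (assumed regex shape, not the project's own code): parseUnsafe
// shows the bug class from the issue, parseSafe is one fix, and
// isPrototypePolluted is a post-parse check for defenders.
const PATTERN = /(\w+)\[(\d+)\]/;
const RESERVED = new Set(['__proto__', 'constructor', 'prototype']);

function decode(s) {
  try { return decodeURIComponent(s.replace(/\+/g, ' ')); } catch (e) { return s; }
}

function pairs(str) {
  return str.replace(/^\?/, '').split('&').filter(Boolean).map((p) => {
    const i = p.indexOf('=');
    return i < 0 ? [decode(p), ''] : [decode(p.slice(0, i)), decode(p.slice(i + 1))];
  });
}

// Vulnerable: for key '__proto__[123]', obj['__proto__'] resolves to
// Object.prototype, so the index write lands on the prototype shared by every object.
function parseUnsafe(str) {
  const obj = {};
  for (const [key, val] of pairs(str)) {
    const m = PATTERN.exec(key);
    if (!m) { obj[key] = val; continue; }
    obj[m[1]] = obj[m[1]] || [];   // '__proto__' -> Object.prototype, which is truthy
    obj[m[1]][m[2]] = val;         // becomes Object.prototype['123'] = val
  }
  return obj;
}

// Hardened: build the result on a null-prototype object so no key can reach a
// shared prototype, and drop reserved names in case the result is merged later.
function parseSafe(str) {
  const obj = Object.create(null);   // no prototype chain to reach
  for (const [key, val] of pairs(str)) {
    const m = PATTERN.exec(key);
    const name = m ? m[1] : key;
    if (RESERVED.has(name)) continue; // defence in depth for later merges
    if (!m) { obj[name] = val; continue; }
    if (!Array.isArray(obj[name])) obj[name] = [];
    obj[name][m[2]] = val;
  }
  return obj;
}

// Detection: true if `key` has become an own property of Object.prototype.
function isPrototypePolluted(key) {
  return Object.prototype.hasOwnProperty.call(Object.prototype, key);
}
```

Note that a null-prototype result has no `hasOwnProperty` or `toString` of its own, so callers that rely on those methods must use `Object.prototype.hasOwnProperty.call(...)` or copy the fields into a normal object with known-safe keys.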