You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The vulnerability located at AV.Object (dist/node/object.js:107). where set() method
used to unsafely assign source property to the destination. An attacker can be exploit this method to copy malicious property to the built-in Object.prototype through the special properties __proto__ or constructor.prototype.
Thus, the attacker can use one of these properties to pollute the application logic that can be escalated to Denial of service,
remote code execution or cross-site scripting attacks.
Assign or copy a property should only be applied an own property of the destination object, thus, check for that (e.g using hasOwnProperty) is sufficient. Alternatively, block the property names __proto__ or constructor assigned. Other recommendations at Snyk.io: https://learn.snyk.io/lesson/prototype-pollution/#a0a863a5-fd3a-539f-e1ed-a0769f6c6e3b
The text was updated successfully, but these errors were encountered:
Overview
The vulnerability located at
AV.Object (dist/node/object.js:107)
. whereset()
methodused to unsafely assign source property to the destination. An attacker can be exploit this method to copy malicious property to the built-in Object.prototype through the special properties
__proto__
orconstructor.prototype
.Thus, the attacker can use one of these properties to pollute the application logic that can be escalated to Denial of service,
remote code execution or cross-site scripting attacks.
PoC:
Output:
Before Attack: {} After Attack: {"polluted":true}
Output of a successful fix:
How to prevent:
Assign or copy a property should only be applied an own property of the destination object, thus, check for that (e.g using hasOwnProperty) is sufficient. Alternatively, block the property names
__proto__
orconstructor
assigned. Other recommendations at Snyk.io:https://learn.snyk.io/lesson/prototype-pollution/#a0a863a5-fd3a-539f-e1ed-a0769f6c6e3b
The text was updated successfully, but these errors were encountered: