GHSA-HXJ9-33PP-J2CC
Vulnerability from github – Published: 2025-12-09 17:11 – Updated: 2025-12-09 21:37
VLAI?
Summary
Elysia vulnerable to prototype pollution with multiple standalone schema validation
Details
Prototype pollution vulnerability in mergeDeep after merging results of two standard schema validations with the same key. Due to the ordering of merging, there must be an any type that is set as a standalone guard, to allow for the __proto__ prop to be merged.
When combined with GHSA-8vch-m3f4-q8jf this allows for a full RCE by an attacker.
Impact
Routes with more than 2 standalone schema validation, eg. zod
Example vulnerable code:
import { Elysia } from "elysia"
import * as z from "zod"
const app = new Elysia()
.guard({
schema: "standalone",
body: z.object({
data: z.any()
})
})
.post("/", ({ body }) => ({ body, win: {}.foo }), {
body: z.object({
data: z.object({
messageId: z.string("pollute-me"),
})
})
})
Patches
Patched by 1.4.17 (https://github.com/elysiajs/elysia/pull/1564)
Reference commit: - https://github.com/elysiajs/elysia/pull/1564/commits/26935bf76ebc43b4a43d48b173fc853de43bb51e - https://github.com/elysiajs/elysia/pull/1564/commits/3af978663e437dccc6c1a2a3aff4b74e1574849e
Workarounds
Remove __proto__ key from body
Example plugin for removing __proto__ from body
new Elysia()
.onTransform(({ body, headers }) => {
if (headers['content-type'] === 'application/json')
return JSON.parse(JSON.stringify(body), (k, v) => {
if (k === '__proto__') return
return v
})
})
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "elysia"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.4.17"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66456"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-09T17:11:53Z",
"nvd_published_at": "2025-12-09T20:15:54Z",
"severity": "CRITICAL"
},
"details": "Prototype pollution vulnerability in `mergeDeep` after merging results of two standard schema validations with the same key. Due to the ordering of merging, there must be an `any` type that is set as a `standalone` guard, to allow for the `__proto__` prop to be merged.\n\nWhen combined with GHSA-8vch-m3f4-q8jf this allows for a full RCE by an attacker.\n\n### Impact\nRoutes with more than 2 standalone schema validation, eg. zod\n\nExample vulnerable code:\n```typescript\nimport { Elysia } from \"elysia\"\nimport * as z from \"zod\"\n\nconst app = new Elysia()\n\t.guard({\n\t\tschema: \"standalone\",\n\t\tbody: z.object({\n\t\t\tdata: z.any()\n\t\t})\n\t})\n\t.post(\"/\", ({ body }) =\u003e ({ body, win: {}.foo }), {\n\t\tbody: z.object({\n\t\t\tdata: z.object({\n\t\t\t\tmessageId: z.string(\"pollute-me\"),\n\t\t\t})\n\t\t})\n\t})\n```\n\n### Patches\nPatched by 1.4.17 (https://github.com/elysiajs/elysia/pull/1564)\n\nReference commit:\n- https://github.com/elysiajs/elysia/pull/1564/commits/26935bf76ebc43b4a43d48b173fc853de43bb51e\n- https://github.com/elysiajs/elysia/pull/1564/commits/3af978663e437dccc6c1a2a3aff4b74e1574849e\n\n### Workarounds\nRemove `__proto__` key from body\n\nExample plugin for removing `__proto__` from body\n\n```typescript\nnew Elysia()\n\t.onTransform(({ body, headers }) =\u003e {\n\t\tif (headers[\u0027content-type\u0027] === \u0027application/json\u0027)\n\t\t\treturn JSON.parse(JSON.stringify(body), (k, v) =\u003e {\n\t\t\t\tif (k === \u0027__proto__\u0027) return\n\n\t\t\t\treturn v\n\t\t\t})\n\t})\n```",
"id": "GHSA-hxj9-33pp-j2cc",
"modified": "2025-12-09T21:37:06Z",
"published": "2025-12-09T17:11:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/elysiajs/elysia/security/advisories/GHSA-8vch-m3f4-q8jf"
},
{
"type": "WEB",
"url": "https://github.com/elysiajs/elysia/security/advisories/GHSA-hxj9-33pp-j2cc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66456"
},
{
"type": "WEB",
"url": "https://github.com/elysiajs/elysia/pull/1564"
},
{
"type": "WEB",
"url": "https://github.com/elysiajs/elysia/commit/26935bf76ebc43b4a43d48b173fc853de43bb51e"
},
{
"type": "WEB",
"url": "https://github.com/elysiajs/elysia/commit/3af978663e437dccc6c1a2a3aff4b74e1574849e"
},
{
"type": "PACKAGE",
"url": "https://github.com/elysiajs/elysia"
},
{
"type": "WEB",
"url": "https://github.com/sportshead/elysia-poc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Elysia vulnerable to prototype pollution with multiple standalone schema validation"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…