4 matches found
CVE-2021-3815 Prototype Pollution in fabiocaccamo/utils.js
utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')...
utils.js Injection Vulnerability
utils.js is a JavaScript utility program by the individual developer fabiocaccamo. An injection vulnerability exists in utils.js, stemming from improperly controlled modification of object prototype attributes (prototype pollution)...
Prototype Pollution
Overview: @fabiocaccamo/utils.js is a JavaScript utils for lazy devs. Affected versions of this package are vulnerable to Prototype Pollution via the set and method, which merges the path and value parameters based on the key:value. PoC: const utils = require("@fabiocaccamo/utils.js"); const obj = {};...
Prototype Pollution in fabiocaccamo/utils.js
Summary: I discovered a prototype pollution vulnerability via utils.js method analysis. set: function(obj, path, value) { var keys = path.split('.'); var key; var cursor = obj; for (var i = 0, j = keys.length; i < j; i++) { key = keys[i]; if (!TypeUtil.isObject(cursor[key])) { cursor[key] = {}; } if (i < j - 1) { cursor...