Vulnerability
File: core/state/StateManager.js lines 105-121
Prototype pollution protection is shallow-only. Only the top-level `__proto__`, `constructor` and `prototype` keys are deleted; nested objects are then merged via spread without being sanitized.
Current Code
// Sanitize keys to prevent prototype pollution
if (updates && typeof updates === 'object') {
  delete updates.__proto__;   // ❌ Only top level
  delete updates.constructor;
  delete updates.prototype;
}
// Then spread-merge nested objects WITHOUT sanitizing them
const newState = {
  ...oldState,
  ...updates,
  metadata: updates.metadata ? { ...oldState.metadata, ...updates.metadata } : oldState.metadata,
  // ❌ updates.metadata.__proto__ NOT deleted before spread
};
Vulnerability Detail
An attacker can pollute nested object prototypes:
// Direct attack (BLOCKED)
stateManager.setState({ __proto__: { evil: true } }); // ✅ Deleted

// Nested attack (NOT BLOCKED)
stateManager.setState({
  metadata: { __proto__: { malicious: true } }
});
// Now: stateManager.state.metadata.__proto__.malicious === true ❌ POLLUTED

// Also via filters
stateManager.setState({
  filters: { __proto__: { override: true } }
});
// ❌ Polluted

// Also via businessHours
stateManager.setState({
  businessHours: { __proto__: { invalid: true } }
});
// ❌ Polluted
Fix Required
- Implement deep recursive sanitization (delete `__proto__`, `constructor` and `prototype` at every nesting level)
- Add schema validation (allowlist known state keys)
- Sanitize BEFORE merge operations, not after
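The three fix items above, carried out together, as an added example that is not StateManager.js's own code. The function names (`deepSanitize`, `sanitizeUpdates`, `mergeStateSafe`) and the `ALLOWED_STATE_KEYS` schema are assumptions for illustration; the sample update is a constructed JSON payload, chosen because `JSON.parse` produces an own `__proto__` key, which is how such input typically arrives from a request body or storage. The shallow variant from the finding is kept alongside only to compare results.

```javascript
'use strict';

// Added example, not the project's code: deep sanitization of an update
// object plus an allowlist of known state keys, applied before any merge.
// ALLOWED_STATE_KEYS and the function names below are assumptions.

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const ALLOWED_STATE_KEYS = new Set(['metadata', 'filters', 'businessHours']); // assumed schema

function isPlainObject(value) {
  if (value === null || typeof value !== 'object' || Array.isArray(value)) return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Returns a fresh copy of `value` with forbidden keys removed at every depth.
// Only own enumerable keys are copied, so nothing inherited leaks in, and a
// depth cap bounds recursion on attacker-controlled input.
function deepSanitize(value, depth = 0) {
  if (depth > 32) throw new RangeError('update nested too deeply');
  if (Array.isArray(value)) return value.map((item) => deepSanitize(item, depth + 1));
  if (!isPlainObject(value)) return value; // primitives, Dates etc. pass through untouched
  const out = {};
  for (const key of Object.keys(value)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // dropped at this and every deeper level
    out[key] = deepSanitize(value[key], depth + 1);
  }
  return out;
}

// Allowlist the top-level keys, then deep-sanitize each accepted subtree.
function sanitizeUpdates(updates) {
  if (!isPlainObject(updates)) throw new TypeError('updates must be a plain object');
  const clean = {};
  for (const key of Object.keys(updates)) {
    if (!ALLOWED_STATE_KEYS.has(key)) continue; // unknown keys are silently dropped
    clean[key] = deepSanitize(updates[key]);
  }
  return clean;
}

// Hardened merge: sanitize first, spread second.
function mergeStateSafe(oldState, updates) {
  const clean = sanitizeUpdates(updates);
  return {
    ...oldState,
    ...clean,
    metadata: clean.metadata ? { ...oldState.metadata, ...clean.metadata } : oldState.metadata,
  };
}

// The shallow check from the finding, reproduced only to compare results.
function mergeStateShallow(oldState, updates) {
  if (updates && typeof updates === 'object') {
    delete updates.__proto__;
    delete updates.constructor;
    delete updates.prototype;
  }
  return {
    ...oldState,
    ...updates,
    metadata: updates.metadata ? { ...oldState.metadata, ...updates.metadata } : oldState.metadata,
  };
}

// Constructed sample payload: the nested "__proto__" becomes an own key via JSON.parse.
const SAMPLE_UPDATE_JSON =
  '{"metadata":{"__proto__":{"malicious":true},"title":"ok"},"unknownKey":1}';

function demo() {
  const oldState = { metadata: { title: 'old', owner: 'a' }, filters: {}, businessHours: {} };
  const shallow = mergeStateShallow(oldState, JSON.parse(SAMPLE_UPDATE_JSON));
  const safe = mergeStateSafe(oldState, JSON.parse(SAMPLE_UPDATE_JSON));
  const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
  return {
    shallowKeepsNestedKey: hasOwn(shallow.metadata, '__proto__'), // the gap the finding describes
    safeDropsNestedKey: hasOwn(safe.metadata, '__proto__'),       // removed by deepSanitize
    safeKeepsLegitField: safe.metadata.title === 'ok' && safe.metadata.owner === 'a',
    unknownKeyDropped: !('unknownKey' in safe),                   // removed by the allowlist
    globalPrototypeClean: ({}).malicious === undefined,
  };
}

console.log(demo());
```

`deepSanitize` builds a new object rather than deleting keys in place, so the caller's input is never mutated and there is no window in which a half-sanitized object is spread. The allowlist is deliberately a `Set` of exact top-level names; if the real state schema has more keys, they belong there rather than in a denylist.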
Effort
~2 hours