Skip to content

rscbug/prototype_pollution

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
rules
rules
 
 
src
src
 
 
test
test
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

CVE-2023-45827 - prototype pollution

card vulnerability

ID-CVE : CVE-2023-45827

CVSS 3.1 : 9,8

ID-CWE : CWE-1321

Type : Prototype Pollution

Impact: Depends on the subsequent use of object properties to implement critically dangerous functions (distribution of rights, code execution, business logic)

Description package: TypeScript library @clickbar/dot-diver up to version 1.0.1 inclusive, which provides a convenient API for reading a field value from an object (getByPath function) and writing a value to an object field (setByPath function)

run the command for a semgrep rule:

$semgrep scan --config ./rules/prototype_pollution_taint.yaml

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages