We found that a maliciously crafted JavaScript object can bypass the sanitize() of the schema-inspector.
The vulnerability is from the following code: schema-inspector uses a built-in function (hasOwnProperty) from the unsafe user-input to decide whether it should sanitize the object or not. As a result, a crafted payload can overwrite this function to manipulate the sanitization result.
https://github.com/Atinux/schema-inspector/blob/7f67b2a95f85ecb76d0dc5326d76d082a2b99e1f/lib/schema-inspector.js#L1013-L1019
One way to fix this issue is to use Object.prototype.hasOwnProperty instead. (This function is much safer; a detailed discussion can be found here: https://stackoverflow.com/questions/12017693/why-use-object-prototype-hasownproperty-callmyobj-prop-instead-of-myobj-hasow)
Reproduce Script
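The pattern described in this issue, shown as a weak presence check beside the suggested `Object.prototype.hasOwnProperty` form. This is an added example: it is not the issue's reproduce script and not schema-inspector's code, and the names `schema`, `coerce`, `sanitizeUnsafe`, `sanitizeSafe` and `makeShadowed` are hypothetical.

```javascript
// Hypothetical mini-sanitizer, NOT schema-inspector's implementation.
// Rule: every property listed in the schema is coerced to a trimmed string.
const schema = { properties: { name: { type: 'string' }, role: { type: 'string' } } };

function coerce(value) {
  return String(value).trim();
}

// Weak form: the presence check is a method looked up on the untrusted object,
// so an own property named hasOwnProperty shadows the built-in and decides
// whether each rule runs.
function sanitizeUnsafe(schema, candidate) {
  for (const key of Object.keys(schema.properties)) {
    if (candidate.hasOwnProperty(key)) {
      candidate[key] = coerce(candidate[key]);
    }
  }
  return candidate;
}

// Hardened form: take the built-in from Object.prototype and call it with the
// candidate as `this`. Nothing the candidate defines can replace it, and it
// also works on objects created with Object.create(null).
function sanitizeSafe(schema, candidate) {
  const has = Object.prototype.hasOwnProperty;
  for (const key of Object.keys(schema.properties)) {
    if (has.call(candidate, key)) {
      candidate[key] = coerce(candidate[key]);
    }
  }
  return candidate;
}

// Constructed input: values the rule should rewrite, plus an own
// hasOwnProperty that always answers "no".
function makeShadowed() {
  return { name: '  alice  ', role: 42, hasOwnProperty: () => false };
}

const skipped = sanitizeUnsafe(schema, makeShadowed());
const cleaned = sanitizeSafe(schema, makeShadowed());
console.log('unsafe:', JSON.stringify(skipped)); // rules never ran
console.log('safe:  ', JSON.stringify(cleaned)); // rules applied
```

On runtimes that support it, `Object.hasOwn(candidate, key)` is an equivalent check that likewise does not consult the candidate's own properties for the method.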