Security Fix for Insufficient Input Validation - huntr.dev
https://huntr.dev/app/users/bbeale has fixed the Insufficient Input Validation vulnerability 🔨. bbeale has been awarded $25 for fixing the vulnerability through the huntr bug bounty program 💵. Think you could fix a vulnerability like this?
Get involved at https://huntr.dev/
| Q | A |
| --- | --- |
| Version Affected | ALL |
| Bug Fix | YES |
| Original Pull Request | https://github.com/418sec/bson-objectid/pull/2 |
| GitHub Issue URL | https://github.com/williamkapke/bson-objectid/issues/30 |
| Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/npm/bson-objectid/1/README.md |
User Comments:
📊 Metadata *
Please enter the direct URL for this bounty on huntr.dev. This is compulsory and will help us process your bounty submission quicker.
Bounty URL: https://www.huntr.dev/app/bounties/open/1-npm-bson-objectid
⚙️ Description *
Added methods for creating new ObjectID from JSON after removing unwanted properties from it.
💻 Technical Description *
- Checks that were previously at the beginning of the constructor moved into `ObjectID.hasRequiredProps`.
- `ObjectID.sanitizeObject` then removes unwanted properties from the JSON.
- `ObjectID.createFromObject` then creates an ObjectID from the scrubbed JSON.
🐛 Proof of Concept (PoC) *
Provide the vulnerability exploit to show the security issue you're fixing.
🔥 Proof of Fix (PoF) *
Replay the vulnerability exploit to show the successful fix and mitigation of the vulnerability.
👍 User Acceptance Testing (UAT)
Run the following unit test:

```js
it('should not allow insertion of an arbitrary property', function() {
    // Object input carrying an extra, unexpected property next to the ObjectID fields
    var json = {
        "mal_formkey": {
            "payload": "xxxx"
        },
        "_bsontype": "ObjectID",
        "id": "5eecccdc951ca34d04e3ff65",
    };
    var obj = ObjectID(json);
    // The result must be a real ObjectID carrying the expected hex id
    obj.should.be.instanceof(ObjectID);
    obj.toString().should.eql("5eecccdc951ca34d04e3ff65");
});
```
@williamkapke - let me know your thoughts! 🍰
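The validate, scrub, then construct flow listed in the technical description, as an added example that is not part of the pull request or of bson-objectid. The function bodies, the two-key allowlist and the 24-hex-character check are assumptions made for illustration; only the three function names come from the description.

```javascript
// Added illustration; not bson-objectid's code. The allowlist and the
// 24-hex-character check are assumptions made for this sketch.
const ALLOWED_PROPS = ['_bsontype', 'id'];
const HEX24 = /^[0-9a-f]{24}$/i;

// Required shape: a plain object whose own "_bsontype" and "id" are valid.
function hasRequiredProps(input) {
  if (input === null || typeof input !== 'object' || Array.isArray(input)) return false;
  const own = (k) => Object.prototype.hasOwnProperty.call(input, k);
  return own('_bsontype') && input._bsontype === 'ObjectID' &&
         own('id') && typeof input.id === 'string' && HEX24.test(input.id);
}

// Copy only allowlisted own properties onto a prototype-less object, so extra
// keys (including "__proto__" or "constructor") never reach the result.
function sanitizeObject(input) {
  const clean = Object.create(null);
  for (const key of ALLOWED_PROPS) {
    if (Object.prototype.hasOwnProperty.call(input, key)) clean[key] = input[key];
  }
  return clean;
}

// Validate, scrub, then build a frozen value that exposes only the id.
function createFromObject(input) {
  if (!hasRequiredProps(input)) {
    throw new TypeError('expected {_bsontype: "ObjectID", id: <24 hex chars>}');
  }
  const clean = sanitizeObject(input);
  const id = clean.id.toLowerCase();
  return Object.freeze({ _bsontype: 'ObjectID', id, toString: () => id });
}

// Constructed sample input, modelled on the unit test in the PR description.
const untrusted = JSON.parse(
  '{"mal_formkey":{"payload":"xxxx"},"_bsontype":"ObjectID","id":"5eecccdc951ca34d04e3ff65"}'
);
const oid = createFromObject(untrusted);
console.log(Object.keys(oid), oid.toString());
```

Validation runs before the copy, so malformed input is rejected outright instead of being partially scrubbed and accepted.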
Re-opened this as we should probably merge it, but there are conflicts at the moment. I also don't write TypeScript.