victorteokw / query-string-parser

Rack style query string parser for Node.js
MIT License

Prototype pollution in query_string_parser.js #3

Open lelecolacola123 opened 1 year ago

lelecolacola123 commented 1 year ago

Prototype pollution vulnerability in function _fillValue() in query-string-parser\query_string_parser.js in query-string-parser 0.2.3. The function _fillValue leads to prototype pollution in line 45.

https://cheatsheetseries.owasp.org/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.html
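Added example, not part of the issue thread and not the project's own code: a minimal Rack-style nested-key parser showing how an unguarded fill step can write through `__proto__` into `Object.prototype`, beside a hardened form that rejects the dangerous key segments and uses null-prototype containers. The names `parseQuery`, `fillValue`, `keyPath`, `BLOCKED` and `pollutes` are hypothetical, the sample query string is constructed, and array syntax (`a[]`) is left out.

```javascript
// Illustration only: NOT the query-string-parser source. All names are hypothetical.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Split a Rack-style key such as "a[b][c]" into ['a', 'b', 'c'].
function keyPath(rawKey) {
  const head = rawKey.split('[')[0];
  const rest = [...rawKey.matchAll(/\[([^\]]*)\]/g)].map((m) => m[1]);
  return [head, ...rest];
}

// Walk the path, creating containers as needed, then assign the value.
// With safe=false every segment is followed, so "__proto__" resolves to
// Object.prototype and the final write lands on it.
function fillValue(target, path, value, safe) {
  if (safe && path.some((seg) => BLOCKED.has(seg))) return false; // drop the pair
  let node = target;
  for (const seg of path.slice(0, -1)) {
    if (typeof node[seg] !== 'object' || node[seg] === null) {
      node[seg] = safe ? Object.create(null) : {};
    }
    node = node[seg];
  }
  node[path[path.length - 1]] = value;
  return true;
}

function parseQuery(qs, { safe = true } = {}) {
  const result = safe ? Object.create(null) : {};
  for (const pair of qs.split('&').filter(Boolean)) {
    const [k, v = ''] = pair.split('=');
    fillValue(result, keyPath(decodeURIComponent(k)), decodeURIComponent(v), safe);
  }
  return result;
}

// Regression check: returns true if parsing the constructed sample
// changed Object.prototype. Global state is restored before returning.
function pollutes(safe) {
  parseQuery('user[name]=a&__proto__[polluted]=yes', { safe });
  const hit = ({}).polluted === 'yes';
  delete Object.prototype.polluted;
  return hit;
}
```

A check like `pollutes` works as a regression test for any parser that builds nested objects from untrusted keys: it should return `false` once the key filter is in place.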

victorteokw commented 1 year ago

Thanks @lelecolacola123, noted.