Open larrycameron80 opened 5 years ago
Prototype Pollution Vulnerable module: lodash Introduced through: grunt@0.4.5 Detailed paths Introduced through: walletgenerator.net@walletgeneratornet/WalletGenerator.net › grunt@0.4.5 › findup-sync@0.1.3 › lodash@2.4.2 Introduced through: walletgenerator.net@walletgeneratornet/WalletGenerator.net › grunt@0.4.5 › grunt-legacy-log@0.1.3 › lodash@2.4.2 Remediation: Upgrade to grunt@1.0.0. Introduced through: walletgenerator.net@walletgeneratornet/WalletGenerator.net › grunt@0.4.5 › grunt-legacy-log@0.1.3 › grunt-legacy-log-utils@0.1.1 › lodash@2.4.2 Remediation: Upgrade to grunt@1.0.3. Introduced through: walletgenerator.net@walletgeneratornet/WalletGenerator.net › grunt@0.4.5 › lodash@0.9.2 Remediation: Upgrade to grunt@1.0.0. Introduced through: walletgenerator.net@walletgeneratornet/WalletGenerator.net › grunt@0.4.5 › grunt-legacy-util@0.2.0 › lodash@0.9.2 Remediation: Upgrade to grunt@1.0.3. Overview lodash is a modern JavaScript utility library delivering modularity, performance, & extras.
Affected versions of this package are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
PoC by Snyk const mergeFn = require('lodash').defaultsDeep; const payload = '{"constructor": {"prototype": {"a0": true}}}'
function check() { mergeFn({}, JSON.parse(payload)); if (({})[a0] === true) { console.log(Vulnerable to Prototype Pollution via ${payload}); } }
a0
Vulnerable to Prototype Pollution via ${payload}
check();
Prototype Pollution Vulnerable module: lodash Introduced through: grunt@0.4.5 Detailed paths Introduced through: walletgenerator.net@walletgeneratornet/WalletGenerator.net › grunt@0.4.5 › findup-sync@0.1.3 › lodash@2.4.2 Introduced through: walletgenerator.net@walletgeneratornet/WalletGenerator.net › grunt@0.4.5 › grunt-legacy-log@0.1.3 › lodash@2.4.2 Remediation: Upgrade to grunt@1.0.0. Introduced through: walletgenerator.net@walletgeneratornet/WalletGenerator.net › grunt@0.4.5 › grunt-legacy-log@0.1.3 › grunt-legacy-log-utils@0.1.1 › lodash@2.4.2 Remediation: Upgrade to grunt@1.0.3. Introduced through: walletgenerator.net@walletgeneratornet/WalletGenerator.net › grunt@0.4.5 › lodash@0.9.2 Remediation: Upgrade to grunt@1.0.0. Introduced through: walletgenerator.net@walletgeneratornet/WalletGenerator.net › grunt@0.4.5 › grunt-legacy-util@0.2.0 › lodash@0.9.2 Remediation: Upgrade to grunt@1.0.3. Overview lodash is a modern JavaScript utility library delivering modularity, performance, & extras.
Affected versions of this package are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
PoC by Snyk const mergeFn = require('lodash').defaultsDeep; const payload = '{"constructor": {"prototype": {"a0": true}}}'
function check() { mergeFn({}, JSON.parse(payload)); if (({})[
a0
] === true) { console.log(Vulnerable to Prototype Pollution via ${payload}
); } }check();