prototype pollution in lib/session.js #3

Open
chluo1997 opened this issue Apr 24, 2024 · 0 comments

There is a prototype pollution in file lib/session.js, line 46.
data[key]=params[key];

The code uses key as the index for the data object. If key is "__proto__", prototype pollution occurs.

To reproduce, see it('5.test read and write session ', function(done) {}. Since the key of v is supplied by users, attackers can change the key of variable v to be __proto__ to conduct attacks.

Suggestions:
To fix this vulnerability, it is recommended to blacklist prototype pollution payloads in key


set(params){
        return new Promise( (resolve)=>{
            let data= _sessionData[this.sessionId];
            for(let key in params){
+                if (key === '__proto__' or key === 'constructor') {
+                     continue;
+               }
                data[key]=params[key];
            }
            resolve(data)
            
         });
            
         
    }
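Review bot: the added condition `if (key === '__proto__' or key === 'constructor') {` uses `or`, which is not a JavaScript operator, so the patched `set` will not parse; it needs `||`. The denylist also covers only two names and leaves `prototype` unchecked, and `for(let key in params)` still visits inherited enumerable keys, so consider iterating `Object.keys(params)` and creating the per-session `data` object with `Object.create(null)` in addition to the key check.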
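The copy loop described in this issue, shown next to a hardened variant, as an added example that is not code from the project or from the issue author. The function names, the `BLOCKED_KEYS` set and the sample input are assumptions made for illustration.

```javascript
// Constructed input: JSON.parse creates "__proto__" as an own enumerable key,
// so a for...in loop over the parsed object visits it like any other key.
const untrusted = JSON.parse('{"user":"alice","__proto__":{"isAdmin":true}}');

// Pattern from the issue: every key in params is copied onto the session object.
function setVulnerable(data, params) {
  for (const key in params) {
    data[key] = params[key]; // key "__proto__" goes through the prototype setter
  }
  return data;
}

// Hypothetical hardened variant (names are assumptions, not the project's API).
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function setHardened(data, params) {
  for (const key of Object.keys(params)) { // own enumerable keys only
    if (BLOCKED_KEYS.has(key)) continue;   // drop prototype-related keys
    data[key] = params[key];
  }
  return data;
}

function demo() {
  const weak = setVulnerable({}, untrusted);
  // A null-prototype object has no inherited __proto__ accessor at all.
  const strong = setHardened(Object.create(null), untrusted);
  return {
    weakInheritsIsAdmin: weak.isAdmin === true, // attacker-chosen prototype is in effect
    weakOwnKeys: Object.keys(weak),             // the injected value is not an own key
    globalPolluted: ({}).isAdmin === true,      // unrelated objects in this demo
    strongIsAdmin: strong.isAdmin,
    strongOwnKeys: Object.keys(strong),
  };
}

console.log(demo());
```

In this one-level copy the injected object becomes the prototype of the session object itself, which is why `isAdmin` resolves on it without appearing among its own keys.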