Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Prototype Pollution Vulnerability Affecting chartist module, versions >=1.0.0 <=1.3.0 #1427

Open
1 task
tariqhawis opened this issue Mar 29, 2024 · 0 comments
Open
1 task

[Bug]: Prototype Pollution Vulnerability Affecting chartist module, versions >=1.0.0 <=1.3.0 #1427

tariqhawis opened this issue Mar 29, 2024 · 0 comments
Labels
bug

Comments

@tariqhawis
Copy link

tariqhawis commented Mar 29, 2024
edited

Would you like to work on a fix?

  • Check this if you would like to implement a PR, we are more than happy to help you go through the process.

Current and expected behavior

Overview

A Prototype Pollution vulnerability Affecting chartist , versions >=1.0.0 <=1.3.0, due to missing check if the argument resolves to the object prototype. This allow the attacker to inject malicious object property using the built-in Object property __proto__ which recursively assigned to all the objects in the program.

Reproduction

sent directly to the maintainer's email

Chartist version

1.3.0

Possible solution

  • Freeze the root prototype using Object.freeze
  • Require schema validation of JSON input.
  • Avoid using unsafe recursive merge functions.
  • Consider using objects without prototypes (for example, Object.create(null)), breaking the prototype chain and preventing pollution.
  • As a best practice use Map instead of Object
@tariqhawis tariqhawis added the bug label Mar 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tariqhawis