GHSA-f7f6-9jq7-3rqj

Published: 7 Apr 2025
Source: github
GitHub: reviewed
CVSS4: 6.9

Description

estree-util-value-to-estree allows prototype pollution in generated ESTree

Impact

When generating an ESTree from a value with a property named __proto__, valueToEstree would generate an object that specifies a prototype instead.

Example:

import { generate } from 'astring'
import { valueToEstree } from 'estree-util-value-to-estree'

const estree = valueToEstree({ ['__proto__']: {} })
const code = generate(estree)
console.log(code)

Output:

{ "__proto__": {} }

Patches

This was fixed in version 3.3.3.

Workarounds

If you control the input, don’t specify a property named __proto__. If you don’t control the output, strip any properties named __proto__ before passing it to valueToEstree.

Packages

Name: estree-util-value-to-estree (npm)
Affected versions: < 3.3.3
Fixed version: 3.3.3

EPSS

Percentile: 71%
Score: 0.00668
Low

CVSS4: 6.9 Medium

Weaknesses

CWE-1321

Related vulnerabilities

nvd
10 months ago

estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named __proto__, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3.
