Description
Arbitrary Code Execution in json-ptr
npm json-ptr before 2.1.0 has an arbitrary code execution vulnerability. The issue occurs in the set operation when the force flag is set to true. The function recursively sets the property in the target object, but it does not properly check the key being set, leading to prototype pollution.
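The following is an added example, not json-ptr's own code: a minimal RFC 6901 "set with force" that validates every reference token before using it as a property name, so pointers that would walk into the prototype chain are rejected instead of reaching Object.prototype. The function names (`parsePointer`, `setWithForce`, `pollutionBlocked`) are assumed for this illustration.

```javascript
'use strict';

// Keys that, used as a path segment, would walk into or rewrite the
// prototype chain instead of the target's own properties.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Decode an RFC 6901 pointer ("/a/b~1c/0") into its reference tokens.
function parsePointer(pointer) {
  if (pointer === '') return [];
  if (pointer[0] !== '/') throw new Error('invalid JSON pointer: ' + pointer);
  return pointer
    .slice(1)
    .split('/')
    .map((t) => t.replace(/~1/g, '/').replace(/~0/g, '~'));
}

// Set `value` at `pointer` inside `target`, creating missing intermediate
// containers (the "force" behaviour). Each token is checked before it is
// used as a property name, so "/__proto__/x" is refused up front.
function setWithForce(target, pointer, value) {
  const tokens = parsePointer(pointer);
  if (tokens.length === 0) return value; // "" addresses the whole document
  let cursor = target;
  tokens.forEach((key, i) => {
    if (UNSAFE_KEYS.has(key)) {
      throw new Error('refusing prototype-polluting key: ' + key);
    }
    if (i === tokens.length - 1) {
      cursor[key] = value;
      return;
    }
    // Only reuse a container the cursor owns itself; never follow an
    // inherited property down into a shared prototype object.
    const own = Object.prototype.hasOwnProperty.call(cursor, key);
    if (!own || cursor[key] === null || typeof cursor[key] !== 'object') {
      cursor[key] = /^(0|[1-9]\d*)$/.test(tokens[i + 1]) ? [] : {};
    }
    cursor = cursor[key];
  });
  return target;
}

// Check helper: true if setting `pointer` on a fresh object was refused and
// `prop` did not leak into the prototype of unrelated objects.
function pollutionBlocked(pointer, prop) {
  let threw = false;
  try { setWithForce({}, pointer, 'polluted'); } catch (e) { threw = true; }
  return threw && !(prop in {});
}
```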
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-7766
- https://github.com/418sec/json-ptr/pull/3
- https://github.com/flitbit/json-ptr/commit/2539e3494c80af1eef24f0f433654a61f255f011
- https://github.com/flitbit/json-ptr/blob/master/src/util.ts%23L174
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038396
- https://snyk.io/vuln/SNYK-JS-JSONPTR-1016939
- https://www.huntr.dev/bounties/2-npm-json-ptr
- https://www.npmjs.com/package/json-ptr
Packages
Name: json-ptr (npm)
Affected versions: < 2.1.0
Fixed version: 2.1.0
Related vulnerabilities
CVSS3: 7.3
nvd
about 5 years ago
This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively sets the property in the target object, but it does not properly check the key being set, leading to prototype pollution.