The Prototype Pollution vulnerability, which arises from various flaws in JavaScript libraries, makes web applications insecure.
What is Prototype Pollution?
In JavaScript, a prototype-based programming language, every newly created object inherits the properties and methods of a prototype object, including functions such as toString, constructor and hasOwnProperty.
While prototype-based inheritance makes programmers' work easier, it also invites security vulnerabilities. An attacker can cause changes throughout the entire web application by changing the properties of a prototype object.
The attacker does not need to manipulate the prototype object directly: it can be reached through the __proto__ property of any object. When the prototype is changed this way, the change applies to all JavaScript objects that inherit from it.
What Causes Prototype Pollution Vulnerability and How Is It Exploited?
Prototype pollution is caused by flaws in libraries such as Lodash and jQuery. To prevent the vulnerability from occurring, make sure Lodash and jQuery are kept up to date.
Examined in more detail, the main cause of the vulnerability is the insecure use of merge, clone, extend and path-assignment operations. For example, an unsafe implementation of a merge operation looks like this:
    var merge = function(target, source) {
        for (var attr in source) {
            // Recurses into nested objects without checking the attribute name,
            // so an attribute called "__proto__" walks into the shared prototype.
            if (typeof target[attr] === 'object' && typeof source[attr] === 'object') {
                merge(target[attr], source[attr]);
            } else {
                target[attr] = source[attr];
            }
        }
        return target;
    };
To pollute the prototype through a merge function like the one above, all an attacker needs to do is supply JSON data like the following:
    {
        "foo": "bar",
        "__proto__": {
            "polluted": "true"
        }
    }
When this JSON is merged into any JavaScript object using the merge function, the "polluted" property ends up on the shared prototype.
What is the Effect of Prototype Pollution Vulnerability on the System?
The Prototype Pollution vulnerability does not affect just a single object; it affects all objects in the application. Therefore any problem caused by the vulnerability affects the entire web application. The exact impact, however, depends on the web application: according to the logic behind the application, Prototype Pollution can lead to vulnerabilities such as remote code execution (RCE), cross-site scripting (XSS) and SQL injection. Most often it results in XSS.
How to Fix Prototype Pollution Vulnerability?
What needs to be done to close the security gap depends on where the vulnerability occurs. If it is caused by a library, the relevant library should be updated to the latest version.
If the cause is a function like the one shown above, a check should be added to that function to skip any attribute named "__proto__". The fixed version of the vulnerable code given above is as follows:
    var merge = function(target, source) {
        for (var attr in source) {
            // Skip the "__proto__" attribute so the prototype is never merged into.
            if (attr === "__proto__") continue;
            if (typeof target[attr] === 'object' && typeof source[attr] === 'object') {
                merge(target[attr], source[attr]);
            } else {
                target[attr] = source[attr];
            }
        }
        return target;
    };
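The following is an added example, not code from the original post. It runs the article's unsafe merge against the JSON payload above to confirm that an unrelated object picks up the polluted property, then runs a hardened merge that iterates own keys only and skips "constructor" and "prototype" in addition to "__proto__" (a common precaution for merge/extend helpers). It assumes Node.js or a browser console.

```javascript
// The unsafe merge from the article, with the typeof checks written out.
function unsafeMerge(target, source) {
  for (const attr in source) {
    if (typeof target[attr] === 'object' && typeof source[attr] === 'object') {
      unsafeMerge(target[attr], source[attr]);
    } else {
      target[attr] = source[attr];
    }
  }
  return target;
}

// Keys that must never be used as a path into the target.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isObjectLike(v) {
  return v !== null && typeof v === 'object'; // typeof null is 'object'
}

// Hardened merge: own keys only, dangerous keys skipped, null-safe recursion.
function safeMerge(target, source) {
  for (const attr of Object.keys(source)) {
    if (BLOCKED_KEYS.has(attr)) continue;
    if (isObjectLike(target[attr]) && isObjectLike(source[attr])) {
      safeMerge(target[attr], source[attr]);
    } else {
      target[attr] = source[attr];
    }
  }
  return target;
}

// Constructed payload, as in the article. JSON.parse creates an *own*
// property literally named "__proto__", which for..in then enumerates.
const PAYLOAD = '{"foo":"bar","__proto__":{"polluted":"true"}}';

// Merge the payload into an empty object and report whether a fresh,
// unrelated object now carries the "polluted" property.
function runMerge(mergeFn) {
  const result = mergeFn({}, JSON.parse(PAYLOAD));
  const polluted = ({}).polluted === 'true';
  delete Object.prototype.polluted; // undo any pollution so later runs start clean
  return { foo: result.foo, polluted };
}

console.log('unsafe:', runMerge(unsafeMerge)); // { foo: 'bar', polluted: true }
console.log('safe:  ', runMerge(safeMerge));   // { foo: 'bar', polluted: false }
```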