提出 #851357: Node.js enquirer 2.4.1 Prototype Pollution情報

タイトルNode.js enquirer 2.4.1 Prototype Pollution
説明Prototype pollution in the public `Enquirer` prompt flow when `question.name` contains dangerous path segments such as `__proto__`. When a prompt is submitted, `Enquirer` stores the answer using an internal nested setter where the path is derived from the externally supplied `question.name`. Because dangerous segments like `__proto__`, `constructor`, and `prototype` are not rejected, a prompt name such as `__proto__.pp` can pollute `Object.prototype`. This is reachable through the public package API via `new Enquirer()`, `register(...)`, and `prompt(...)`. Impact: if an application allows attacker-controlled prompt definitions or otherwise passes untrusted values into `question.name`, an attacker may be able to trigger application-wide prototype pollution, leading to logic corruption, unsafe property resolution, denial of service, or downstream exploitation depending on how polluted properties are used.
ソース⚠️ https://github.com/enquirer/enquirer/issues/487
ユーザー
 Dremig (UID 95003)
送信2026年06月08日 07:57 (1 月 ago)
モデレーション2026年07月09日 07:15 (1 month later)
ステータス承諾済み
VulDBエントリ377113 [enquirer 迄 2.4.1 Public Package API Enquirer.set question.name]
ポイント20

Do you need the next level of professionalism?

Upgrade your account now!