| 제목 | Node.js enquirer 2.4.1 Prototype Pollution |
|---|
| 설명 | Prototype pollution in the public `Enquirer` prompt flow when `question.name` contains dangerous path segments such as `__proto__`.
When a prompt is submitted, `Enquirer` stores the answer using an internal nested setter where the path is derived from the externally supplied `question.name`. Because dangerous segments like `__proto__`, `constructor`, and `prototype` are not rejected, a prompt name such as `__proto__.pp` can pollute `Object.prototype`.
This is reachable through the public package API via `new Enquirer()`, `register(...)`, and `prompt(...)`.
Impact: if an application allows attacker-controlled prompt definitions or otherwise passes untrusted values into `question.name`, an attacker may be able to trigger application-wide prototype pollution, leading to logic corruption, unsafe property resolution, denial of service, or downstream exploitation depending on how polluted properties are used. |
|---|
| 원천 | ⚠️ https://github.com/enquirer/enquirer/issues/487 |
|---|
| 사용자 | Dremig (UID 95003) |
|---|
| 제출 | 2026. 06. 08. AM 07:57 (1 월 ago) |
|---|
| 모더레이션 | 2026. 07. 09. AM 07:15 (1 month later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 377113 [enquirer 까지 2.4.1 Public Package API Enquirer.set question.name] |
|---|
| 포인트들 | 20 |
|---|