제출 #855677: Node.js @tanstack/db 0.6.8 Prototype Pollution정보

제목Node.js @tanstack/db 0.6.8 Prototype Pollution
설명`@tanstack/db` is vulnerable to prototype pollution through public query APIs. The root package entry exports `queryOnce`, `createCollection`, and `localOnlyCollectionOptions`. A caller can pass an alias containing prototype-pollution path segments to `select()`, such as `__proto__.tanstackPolluted`. During query compilation, `src/query/compiler/select.ts` processes select aliases as dot-separated nested paths. The alias is split with `alias.split('.')`, and each segment is used to build nested objects in the query result. Dangerous segments such as `__proto__`, `constructor`, and `prototype` are not filtered. When the first segment is `__proto__`, the write cursor can resolve to `Object.prototype`, causing the next assignment to pollute the global object prototype.
원천⚠️ https://github.com/TanStack/db/issues/1584
사용자
 Dremig (UID 95003)
제출2026. 06. 11. AM 05:12 (1 월 ago)
모더레이션2026. 07. 13. PM 05:40 (1 month later)
상태수락
VulDB 항목378115 [tanstack db 까지 0.6.8 Alias Path select.ts select]
포인트들20

Do you need the next level of professionalism?

Upgrade your account now!