Submeter #855024: Node.js primereact 10.9.8 Prototype Pollutioninformação

TítuloNode.js primereact 10.9.8 Prototype Pollution
DescriçãoPrimeReact exposes a utility entry point through `primereact/utils`, and that entry point includes `ObjectUtils.mutateFieldData(data, field, value)`. This helper appears to be intended for updating nested object fields by accepting a dot-separated field path, splitting it into path segments, walking the object, and assigning the supplied value at the final segment. The issue is that the path-walking logic treats every segment as a normal property name. If the caller supplies a field path such as `__proto__.polluted`, JavaScript does not treat `__proto__` like a regular own property on a plain object. Instead, reading that segment can resolve to the object's prototype. The subsequent assignment then writes the attacker-controlled property onto `Object.prototype`. As a result, a call that appears to mutate only the provided local object can modify the global object prototype. After this happens, newly created objects may inherit the injected property. This is the classic prototype pollution pattern and can become security-relevant when application logic later checks object properties for authorization, feature flags, configuration, validation state, or other control-flow decisions. The vulnerable behavior is reachable through a public package subpath (`primereact/utils`) and a declared utility API. The PoC below demonstrates the issue without relying on private internals or a browser environment.
Fonte⚠️ https://github.com/primefaces/primereact/issues/8553
Utilizador
 Dremig (UID 95003)
Submissão10/06/2026 13h23 (há 1 mês)
Moderação12/07/2026 20h03 (1 month later)
EstadoAceite
Entrada VulDB377888 [primefaces primereact até 10.9.8 API ObjectUtils.mutateFieldData Campo Elevação de Privilégios]
Pontos20

Interested in the pricing of exploits?

See the underground prices here!