Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-28269: field/field.js at 2a3811dfc4cdd13833977477d2533534fc61ce06 · jprichardson/field

Prototype pollution vulnerability in ‘field’ versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.

CVE
#vulnerability#dos#js#rce

This repository has been archived by the owner before Nov 9, 2022. It is now read-only.

Permalink

Cannot retrieve contributors at this time

var assert = require(‘assert’)

var FIELD_REGEX = /\.|\:/

function get (topObj, fields) {

if (typeof topObj === ‘string’ && arguments.length === 1) {

fields = topObj

topObj = this // hopefully using bind

}

assert(typeof fields === 'string’, ‘field.get(): must pass in a field string.’)

fields = split(fields)

function moveUp (obj, field) {

if (typeof obj[field] !== ‘undefined’) { // we care about falsey values

if (fields.length === 0) return obj[field]

else return moveUp(obj[field], fields.shift())

} else {

return undefined

}

}

return moveUp(topObj, fields.shift())

}

function set (topObj, fields, value) {

if (typeof topObj === ‘string’ && arguments.length === 2) {

value = fields

fields = topObj

topObj = this // hopefully using bind

}

assert(typeof fields === 'string’, ‘field.get(): must pass in a field string.’)

fields = split(fields)

function moveUp (obj, field, value) {

if (typeof obj[field] !== ‘undefined’) { // we care about falsey values

if (fields.length === 0) {

var oldVal = obj[field]

obj[field] = value

return oldVal

} else {

if (typeof obj[field] !== ‘object’) { // we have more fields to go, so we need to replace the current non-object

obj[field] = {}

}

return moveUp(obj[field], fields.shift(), value)

}

} else {

// keep going if necessary

if (fields.length === 0) {

obj[field] = value

return undefined

} else {

// var newField = fields.shift()

obj[field] = {}// {newField: value}

return moveUp(obj[field], fields.shift(), value)

}

}

}

return moveUp(topObj, fields.shift(), value)

}

// hacky way to split ‘…/domwindow:localStorage.getItem’

// i.e. we want all ‘.’ after ‘:’

function split (str) {

if (str.indexOf(‘:’) >= 0) {

var parts = str.split(‘:’)

var m = parts.shift()

parts = parts.join(‘:’).split(FIELD_REGEX)

parts.unshift(m)

return parts

} else {

return str.split(FIELD_REGEX)

}

}

module.exports = {

get: get,

set: set

}

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907