@intlify/message-resolver, Prototype Pollution, CVE-2023-XXXX (Critical)

How the CVE Works:

The vulnerability in @intlify/message-resolver (v9.1) and @intlify/vue-i18n-core (v9.2 or later) arises due to improper handling of user-supplied input in the `handleFlatJson` function. Prototype Pollution occurs when an attacker injects properties into the global prototype chain, such as Object.prototype, by manipulating the input payload. This can lead to denial of service (DoS) or, in severe cases, arbitrary code execution if polluted properties propagate to sensitive Node.js APIs like `exec` or eval. The PoC demonstrates how an attacker can modify the prototype chain, introducing or altering properties globally.

DailyCVE Form:

Platform: Node.js
Version: @intlify/message-resolver 9.1, @intlify/vue-i18n-core 9.2+
Vulnerability: Prototype Pollution
Severity: Critical
Date: 2023-XX-XX

What Undercode Say:

Exploitation:

  1. Payload Injection: Use crafted JSON payloads to pollute Object.prototype.
    { "__proto__.pollutedKey": "pollutedValue" }
    
  2. PoC Execution: Run the provided PoC script to verify vulnerability.
    npm install @intlify/[email protected]
    node poc.js
    
  3. Impact: Modify global prototypes to trigger DoS or execute arbitrary commands.

Protection:

  1. Update Libraries: Upgrade to patched versions of @intlify/message-resolver and @intlify/vue-i18n-core.
    npm update @intlify/message-resolver @intlify/vue-i18n-core
    
  2. Input Validation: Sanitize user inputs to prevent prototype pollution.
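    function sanitizeInput(obj) {
      // Reject a bare "__proto__" key and dotted keys such as "__proto__.pollutedKey".
      const blocked = ['__proto__', 'constructor', 'prototype'];
      for (const key of Object.keys(obj)) {
        if (key.split('.').some((s) => blocked.includes(s))) throw new Error('Invalid input');
      }
      return obj;
    }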
    
  3. Use Safe Libraries: Replace vulnerable libraries with alternatives like i18next.
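
The following is an added example, not code from the original page or from the @intlify project: a simplified model of flat-key expansion showing why a dotted `__proto__` key reaches Object.prototype and how a segment check stops it. The names `expandFlatJson`, `BLOCKED` and `demo` are assumptions made for illustration.

```javascript
// Added example: simplified model of flat-key expansion, not the @intlify source.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Expands {"a.b": 1} into {a: {b: 1}} in place. guard=false is the naive
// pattern, where a "__proto__" segment walks into Object.prototype.
function expandFlatJson(obj, guard = true) {
  for (const key of Object.keys(obj)) {
    const segments = key.split('.');
    if (guard && segments.some((s) => BLOCKED.has(s))) {
      throw new Error(`Blocked key segment in "${key}"`);
    }
    const value = obj[key];
    // Nested objects can carry flat keys too, so validate and expand them first.
    if (value !== null && typeof value === 'object') expandFlatJson(value, guard);
    if (segments.length === 1) continue;
    let cur = obj;
    for (const seg of segments.slice(0, -1)) {
      if (cur[seg] === null || typeof cur[seg] !== 'object') cur[seg] = {};
      cur = cur[seg];
    }
    cur[segments[segments.length - 1]] = value;
    delete obj[key];
  }
  return obj;
}

// Runs the page's payload (rebuilt here as a constructed JSON string) both ways.
function demo() {
  const payload = '{"__proto__.pollutedKey": "pollutedValue"}';
  expandFlatJson(JSON.parse(payload), false);
  const pollutedWithoutGuard = ({}).pollutedKey === 'pollutedValue';
  delete Object.prototype.pollutedKey; // undo the pollution before the guarded run
  let rejected = false;
  try {
    expandFlatJson(JSON.parse(payload));
  } catch (e) {
    rejected = true;
  }
  const cleanWithGuard = ({}).pollutedKey === undefined;
  const benign = expandFlatJson({ 'menu.file.open': 'Open' });
  return { pollutedWithoutGuard, rejected, cleanWithGuard, benign };
}
```

A check like `({}).pollutedKey === undefined` after loading untrusted messages is a cheap regression test for this class of bug.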

Analytics:

  • Affected Versions: @intlify/message-resolver <= 9.1, @intlify/vue-i18n-core <= 9.2.
  • CVSS Score: 9.8 (Critical).
  • Exploitability: High (Remote code execution possible).

Commands:

  • Check installed version:
    npm list @intlify/message-resolver
    
  • Remove vulnerable package:
    npm uninstall @intlify/message-resolver
    

References:

Reported By: https://github.com/advisories/GHSA-p2ph-7g93-hw3m