Client-Side Prototype Pollution

high Web App Scanning Plugin ID 112719

Synopsis

Client-Side Prototype Pollution

Description

Prototype-based programming languages rely on the process of defining objects used as prototypes to be then extended or cloned in order to create new objects. Once instantiated, these objects will inherit from the properties and methods of their prototype.

JavaScript is one of the most common prototype-based language in modern web applications, on both server-side and client-side components. Nearly all the JavaScript objects are instances of Object, making them inherit from the properties and methods of the Object prototype.

A client-side prototype pollution vulnerability exists when an attacker is able to modify the properties of the Object prototype in the context of the web browser, exposing the application users to further issues like Cross-Site Scripting or Denial of Service attacks.

Solution

The inputs should be properly sanitized to prevent the Object prototype from being modified when trying to leverage on the properties like prototype or constructor during some operations (like merging or cloning objects). JavaScript objects can also be explicitly instantiated without a prototype by using the Object.create(null) constructor. Finally, prefer using a Map object as a key and value storage as it will not contain the Objects prototype keys, thus preventing the pollution to occur.

See Also

https://portswigger.net/daily-swig/prototype-pollution-the-dangerous-and-underrated-vulnerability-impacting-javascript-applications

https://research.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers/

https://snyk.io/blog/snyk-research-team-discovers-severe-prototype-pollution-security-vulnerabilities-affecting-all-versions-of-lodash/

Plugin Details

Severity: High

ID: 112719

Type: remote

Published: 5/6/2021

Updated: 7/6/2023

Scan Template: full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2021-20083

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: CVE-2021-20083

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2021-20083, CVE-2021-20084, CVE-2021-20085, CVE-2021-20086, CVE-2021-20087, CVE-2021-20088, CVE-2021-20089