Prototype Pollution
Example 1: JavaScript
Vulnerable Code:
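```javascript
// User-controlled JSON is parsed with no key filtering.
let user = JSON.parse(req.body.user);
```
Reason for vulnerability: If `req.body.user` contains `__proto__`, `JSON.parse()` keeps it as an own property of the parsed object. When `user` is later merged or copied into another object, that key can pollute the object prototype.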
Fixed Code:
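```javascript
let user = JSON.parse(req.body.user);
// Call hasOwnProperty via Object.prototype so a "hasOwnProperty" key in the input cannot shadow it.
if (Object.prototype.hasOwnProperty.call(user, '__proto__')) {
  throw new Error('Prototype pollution attempt detected');
}
```
Reason for fix: Check for the presence of an own `__proto__` key and reject the input, which prevents prototype pollution. The check covers only the top level of the parsed object.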
Example 2: JavaScript
Vulnerable Code:
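```javascript
// The request body is copied with no key filtering.
let user = Object.assign({}, req.body);
```
Reason for vulnerability: If `req.body` contains `__proto__`, `Object.assign()` assigns it through the `__proto__` setter, so the prototype of `user` is replaced with attacker-controlled data.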
Fixed Code:
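```javascript
// Check the source before copying: after Object.assign() the copy has no own '__proto__' key.
if (Object.prototype.hasOwnProperty.call(req.body, '__proto__')) {
  throw new Error('Prototype pollution attempt detected');
}
let user = Object.assign({}, req.body);
```
Reason for fix: Check `req.body` for an own `__proto__` key before copying and reject the request, which prevents prototype pollution. The check has to run on the source object, because `Object.assign()` assigns `__proto__` through the prototype setter and the copy never gets an own `__proto__` property to detect.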
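The following added example (not part of the original page) shows why the check has to run on the parsed input rather than on an `Object.assign()` copy, and goes beyond the page's top-level check by rejecting `__proto__`, `constructor` and `prototype` keys at any depth. The helper names `safeParse`, `safeCopy`, `demoAssign` and `rejects`, and the sample payloads, are constructed for illustration.

```javascript
// Added example: keys that can reach a prototype during a merge or copy.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hypothetical helper: parse JSON and reject forbidden keys at any depth.
// The reviver is called for every key/value pair, including nested ones.
function safeParse(text) {
  return JSON.parse(text, (key, value) => {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error('Prototype pollution attempt detected: ' + key);
    }
    return value;
  });
}

// Hypothetical helper: shallow copy onto a prototype-less object, so no
// inherited setter can run and every key lands as an own property.
function safeCopy(source) {
  const target = Object.create(null);
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error('Prototype pollution attempt detected: ' + key);
    }
    target[key] = source[key];
  }
  return target;
}

// Constructed sample inputs (not taken from a real request).
const TOP_LEVEL = '{"name":"alice","__proto__":{"isAdmin":true}}';
const NESTED = '{"name":"alice","profile":{"__proto__":{"isAdmin":true}}}';

// Shows why a check made after Object.assign() misses the key.
function demoAssign() {
  const body = JSON.parse(TOP_LEVEL);    // '__proto__' is an own key here
  const copy = Object.assign({}, body);  // the __proto__ setter runs on the copy
  return {
    sourceHasOwn: Object.prototype.hasOwnProperty.call(body, '__proto__'),
    copyHasOwn: Object.prototype.hasOwnProperty.call(copy, '__proto__'),
    copyInherits: copy.isAdmin === true,     // inherited from the swapped prototype
    globalPolluted: ({}).isAdmin === true,   // Object.prototype itself is untouched
  };
}

// Returns true when fn throws, false otherwise.
function rejects(fn) {
  try { fn(); return false; } catch (e) { return true; }
}
```

Rejecting `constructor` and `prototype` as key names is a strict policy; relax it only if legitimate input uses those names.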