CVE-2024-23339 PoC — hoolock security vulnerability

Source
Associated Vulnerability
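Title: hoolock security vulnerability (CVE-2024-23339)
Description: hoolock is a suite of lightweight utilities by the individual developer elijahharry. hoolock versions from 2.0.0 up to, but not including, 2.2.1 contain a security vulnerability that stems from the object-path functions not blocking access to or modification of object prototypes.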
Description
pp
Readme
# CVE-2024-23339



## Vulnerability Overview

- CVE-2024-23339

- CVSS : 6.5

- Jan 23, 2024

- Prototype pollution in a Node.js package

- Part of the rebob project



## Vulnerability Description

[GitHub Advisories](https://github.com/advisories/GHSA-4c2g-hx49-7h25)


hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (`get`, `set`, and `update`) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the `get`, `set` and `update` functions throw a `TypeError` when a user attempts to access or alter inherited properties.


**Impact**

Utility functions related to object paths (get, set and update) did not block attempts to access or alter object prototypes.

**Patches**

The get, set and update functions will throw a TypeError when a user attempts to access or alter inherited properties in versions >=2.2.1.
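
The guard described above, as an added example that is not hoolock's source code or part of the original README: the hypothetical helpers `safeGet`, `safeSet` and `safeUpdate` take a path as an array of keys (an assumption about the path format) and throw a `TypeError` whenever a path segment resolves to an inherited property.

```javascript
// Added example: hypothetical helpers, not hoolock's implementation.
// Rule: every path segment must be an own property of the object being
// walked (or absent). Anything visible only through the prototype chain,
// such as "__proto__" or "constructor" on a plain object, is refused.
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function assertNotInherited(obj, key, path) {
  if (key in obj && !hasOwn(obj, key)) {
    throw new TypeError(
      `Refusing inherited property "${key}" in path "${path.join(".")}"`
    );
  }
}

function safeGet(root, path) {
  let cur = root;
  for (const key of path) {
    // Missing or primitive intermediate: nothing to read.
    if (cur === null || typeof cur !== "object") return undefined;
    assertNotInherited(cur, key, path);
    cur = cur[key];
  }
  return cur;
}

function safeSet(root, path, value) {
  let cur = root;
  path.forEach((key, i) => {
    if (cur === null || typeof cur !== "object") {
      throw new TypeError(`Cannot descend into a non-object at "${key}"`);
    }
    assertNotInherited(cur, key, path);
    if (i === path.length - 1) {
      cur[key] = value; // final segment: write the value
      return;
    }
    if (!hasOwn(cur, key)) cur[key] = {}; // create missing intermediates
    cur = cur[key];
  });
  return root;
}

function safeUpdate(root, path, fn) {
  // Read and write both go through the guarded walkers.
  return safeSet(root, path, fn(safeGet(root, path)));
}
```

An own key named `__proto__`, as produced by `JSON.parse`, is ordinary data and is still reachable; only segments that resolve through the prototype chain are rejected.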


File Snapshot

[4.0K] /data/pocs/0b857472d83260f18d61d2080bb0561ba1e37ea1
└── [ 986] README.md

0 directories, 1 file