@syncfusion/ej2-spreadsheet Prototype Pollution Vulnerability Leading to Denial-of-Service
Vulnerability
A prototype pollution vulnerability has been identified in the @syncfusion/ej2-spreadsheet package, specifically in version 27.2.2. The issue arises in the lib.setValue function, where attackers can supply a crafted payload to introduce or modify properties within the global prototype chain. This manipulation can cause a denial-of-service condition and potentially escalate to other injection-based attacks, depending on how the library is integrated into the application.
Impact
Exploitation of this vulnerability leads to prototype pollution, allowing attackers to modify the global prototype chain. This can cause a denial-of-service condition and, in some cases, escalate to injection-based attacks, such as executing arbitrary commands through sensitive Node.js APIs, if the polluted property is propagated to them.
Reproduction
To reproduce this vulnerability, import the @syncfusion/ej2-spreadsheet package and call the lib.setValue function with a payload that includes an Object.prototype setter. This will introduce a new property into the global prototype, which can be verified by checking the prototype of an object before and after the attack. The pollution can then be exploited by, for example, propagating the polluted property to a sensitive Node.js API.
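The following added example is not code from @syncfusion/ej2-spreadsheet or from the original advisory. It shows the bug class in a hypothetical dotted-path setter (`naiveSetValue`), a hardened variant (`safeSetValue`), and the before/after prototype check described above. All function names and the `examplePolluted` property are assumptions made for illustration.

```javascript
// Hypothetical dotted-path setter written for illustration. It is NOT the
// @syncfusion/ej2-spreadsheet source, only an instance of the same bug class.
function naiveSetValue(path, value, obj) {
  const keys = path.split('.');
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    if (cur[keys[i]] === undefined) cur[keys[i]] = {};
    cur = cur[keys[i]]; // a "__proto__" segment walks into Object.prototype
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened variant: rejects prototype-reaching segments and descends only
// through own properties that hold objects.
function safeSetValue(path, value, obj) {
  const keys = String(path).split('.');
  if (keys.some((k) => BLOCKED.has(k))) {
    throw new TypeError('refusing prototype-reaching path: ' + path);
  }
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const own = Object.prototype.hasOwnProperty.call(cur, k);
    if (!own || cur[k] === null || typeof cur[k] !== 'object') cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Before/after check: does a freshly created object inherit `prop`?
function isPolluted(prop) {
  return prop in {};
}

// Runs a setter on a constructed path, records the outcome, then cleans up.
function probe(setter, path, prop) {
  let rejected = false;
  try { setter(path, true, {}); } catch (e) { rejected = true; }
  const polluted = isPolluted(prop);
  delete Object.prototype[prop]; // restore the global prototype
  return { rejected, polluted };
}
```

The same `isPolluted` check can run in a regression test after upgrading the package, to confirm that the path-setting call used by the application no longer leaves inherited properties on new objects.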
