ajax-request Prototype Pollution Vulnerability Leading to Denial-of-Service

A prototype pollution vulnerability has been identified in the ajax-request library, specifically in version 1.2.3. This vulnerability allows attackers to manipulate the global prototype chain by supplying a crafted payload, potentially leading to a denial-of-service condition. The issue arises in the lib.post function, where an attacker can introduce or modify properties that may disrupt the application's normal operation. Furthermore, if the polluted properties are propagated to sensitive Node.js APIs, such as exec or eval, it could enable the execution of arbitrary commands within the application's context.

Impact

Exploitation of this vulnerability causes a denial-of-service condition. However, according to the advisory, the impact could escalate to other injection-based attacks, depending on how the library is integrated into the application.

Reproduction

The vulnerability can be reproduced by using the ajax-request library version 1.2.3 and calling the lib.post function with a payload that includes an Object.prototype setter. This payload will introduce a property into the prototype chain, which can be verified by checking the prototype of an object before and after the injection. The pollution can disrupt the application's functionality and, if the polluted property is used with sensitive Node.js APIs, could lead to more severe consequences.