underscore-contrib Prototype Pollution Vulnerability Leading to Denial-of-Service

Vulnerability

A prototype pollution vulnerability has been identified in the lib.fromQuery function of underscore-contrib version 0.3.0. This vulnerability allows attackers to supply a crafted payload that modifies properties within the global prototype chain, potentially leading to a denial-of-service condition. Furthermore, if the polluted properties interact with sensitive Node.js APIs, it could escalate to more severe injection-based attacks, such as executing arbitrary commands within the application's context.

Impact

Exploitation of this vulnerability causes a denial-of-service condition. Because the underlying flaw is prototype pollution, it could also be exploited to manipulate the application's prototype chain and potentially escalate to more serious attacks, depending on the application's use of Node.js APIs.

Reproduction

The vulnerability can be reproduced by importing the underscore-contrib library and using the lib.fromQuery function to send a payload that includes an Object.prototype setter. This payload will modify the prototype of the global object, as demonstrated in the provided proof-of-concept code.
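
A defensive sketch of the parsing pattern involved, added here as an example; it is not underscore-contrib's code and not the advisory's proof-of-concept. The names safeFromQuery, decode and pathSegments, the bracket-nesting key syntax and the sample query are assumptions made for illustration.

```javascript
// Path segments that resolve to Object.prototype or a constructor function.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Constructed sample input: one ordinary nested key and two polluting keys.
const SAMPLE_QUERY = 'forms%5Bperfect%5D=circle' +
  '&__proto__%5Bpolluted%5D=yes' +
  '&a%5Bconstructor%5D%5Bprototype%5D%5Bx%5D=1';

// Percent-decode one component; malformed escapes are kept as literal text.
function decode(s) {
  try { return decodeURIComponent(s.replace(/\+/g, ' ')); } catch (e) { return s; }
}

// Split "a[b][c]" into ['a', 'b', 'c'] (bracket nesting is an assumption).
function pathSegments(rawKey) {
  const head = rawKey.split('[')[0];
  const segments = head === '' ? [] : [head];
  for (const m of rawKey.matchAll(/\[([^\]]*)\]/g)) segments.push(m[1]);
  return segments;
}

// Hypothetical hardened parser: builds prototype-less objects and refuses
// any key whose path contains a forbidden segment.
function safeFromQuery(query) {
  const root = Object.create(null);
  const rejected = [];
  for (const pair of query.replace(/^\?/, '').split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const rawKey = decode(eq === -1 ? pair : pair.slice(0, eq));
    const value = eq === -1 ? '' : decode(pair.slice(eq + 1));
    const segments = pathSegments(rawKey);
    if (segments.length === 0 || segments.some((s) => FORBIDDEN_KEYS.has(s))) {
      rejected.push(rawKey); // surface for logging instead of merging
      continue;
    }
    let node = root;
    for (const seg of segments.slice(0, -1)) {
      if (typeof node[seg] !== 'object' || node[seg] === null) {
        node[seg] = Object.create(null);
      }
      node = node[seg];
    }
    node[segments[segments.length - 1]] = value;
  }
  return { value: root, rejected };
}

console.log(JSON.stringify(safeFromQuery(SAMPLE_QUERY)));
```

The rejected list gives the application something to log or alert on, so attempts to reach the prototype chain through query keys are visible rather than silently dropped.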

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.