Nortikin Sverchok Set Property Mk2 Node Prototype Pollution Vulnerability

A prototype pollution vulnerability has been identified in the Nortikin Sverchok Blender addon, specifically in version 1.3.0. The issue arises in the Set Property Mk2 Node, within the function SvSetPropNodeMK2. The vulnerability allows for improper modification of object prototype attributes, which can be exploited remotely. The problem stems from the node's failure to validate object paths, enabling attackers to use dunder variables to traverse and manipulate the Python runtime. This could lead to various harmful outcomes, such as stealing sensitive information like GitHub tokens.

Impact

Exploitation of this vulnerability allows for arbitrary modification of the Python runtime, which could be used to steal tokens or cause a denial-of-service condition.

Reproduction

To reproduce this vulnerability, add a Set Property Mk2 node and input an object path that includes dunder variables to traverse to global variables or other modules. This can be done by referencing specific attributes that, when manipulated, could lead to unauthorized actions, such as overwriting values with malicious payloads. After setting the node, export it to GitHub Gist to trigger the exploitation.

Remediation

The vulnerability can be mitigated by validating object paths in the Set Property Mk2 node to reject dunder variables before they can be processed.