SassDoc Extras Prototype Pollution Vulnerability Allowing Denial-of-Service
Vulnerability
A prototype pollution vulnerability has been identified in SassDoc Extras versions prior to 3.0.0. The issue arises in the 'byGroupAndType' function, where user input is not properly validated or sanitized. This flaw allows attackers to inject properties into Object.prototype, modifying the prototype chain shared by every object in the process. Such alterations can cause denial-of-service conditions, disrupt data integrity, or, in certain contexts, enable arbitrary code execution by exploiting the modified prototype behavior.
Impact
At a minimum, exploitation of this vulnerability can cause a denial-of-service condition by disrupting the normal operation of the application or service.
Reproduction
To reproduce this vulnerability, use a version of SassDoc Extras prior to 3.0.0. The 'byGroupAndType' function can be called with a crafted payload that exploits the lack of input validation, injecting properties into Object.prototype. This can be done by creating a JavaScript object that includes the desired properties and passing it to the function, which then processes the unvalidated input and pollutes the prototype.
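The following is an added example, not SassDoc Extras source code: a two-level grouping routine written so that untrusted group and type names cannot reach Object.prototype, plus a regression check for pollution. The function names and the item shape (`group`, `type`, `name`) are assumptions made for illustration.

```javascript
// Added illustration; not SassDoc Extras source code.
// The item shape { group, type, name } is an assumption for this example.

// Keys that resolve to the prototype chain rather than an own property.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isSafeKey(key) {
  return typeof key === 'string' && key.length > 0 && !FORBIDDEN_KEYS.has(key);
}

// Group items by group name, then by type, without touching Object.prototype.
function groupByGroupAndTypeSafe(items) {
  // Null-prototype container: no inherited keys, so lookups see own keys only.
  const sorted = Object.create(null);
  const rejected = [];

  for (const item of items) {
    const { group, type } = item;
    if (!isSafeKey(group) || !isSafeKey(type)) {
      rejected.push(item); // surface bad input instead of silently using it
      continue;
    }
    // Own-property checks; the `in` operator would also match inherited keys.
    if (!Object.prototype.hasOwnProperty.call(sorted, group)) {
      sorted[group] = Object.create(null);
    }
    if (!Object.prototype.hasOwnProperty.call(sorted[group], type)) {
      sorted[group][type] = [];
    }
    sorted[group][type].push(item);
  }
  return { sorted, rejected };
}

// Regression check: enumerable properties that have appeared on
// Object.prototype. A clean runtime returns an empty array.
function pollutedKeys() {
  return Object.keys(Object.prototype);
}

// Constructed sample input: two normal items and two with hostile keys.
const sampleItems = [
  { group: 'buttons', type: 'mixin', name: 'btn' },
  { group: 'buttons', type: 'variable', name: 'btn-color' },
  { group: '__proto__', type: 'polluted', name: 'x' },
  { group: 'layout', type: 'constructor', name: 'y' },
];

const result = groupByGroupAndTypeSafe(sampleItems);
console.log(Object.keys(result.sorted), result.rejected.length, pollutedKeys());
```

Running `pollutedKeys()` in a test suite after exercising any code that builds objects from untrusted keys gives a cheap signal that a dependency has regressed.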
