jsonpath Prototype Pollution Vulnerability
Vulnerability
A prototype pollution vulnerability exists in the jsonpath library, version 1.1.1. The issue is in the value function in lib/index.js, which does not sanitize or validate special object keys such as __proto__, constructor, or prototype in path expressions. An attacker can exploit the value function to modify the global Object.prototype.
Impact
Exploitation of this vulnerability results in prototype pollution: properties written to Object.prototype are inherited by every object that derives from it, so the attacker can manipulate object prototypes and potentially cause application-level vulnerabilities.
Reproduction
To reproduce this vulnerability, use jsonpath version 1.1.1 and create a JSON object. Then use the value function to query the object with a path expression that includes unsanitized special keys like __proto__. This modifies Object.prototype, demonstrating the prototype pollution vulnerability.
Remediation
Users can upgrade to jsonpath version 1.1.2, which addresses the prototype pollution vulnerability.
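Where path expressions come from untrusted input, a check in front of the library adds defence in depth alongside the upgrade. The following is an added example, not code from jsonpath or from this advisory; the names FORBIDDEN_KEYS, findUnsafeKeys, assertSafePath and newPrototypeKeys are hypothetical, and the scan is deliberately conservative (it flags the special keys anywhere in the expression, including inside filters).

```javascript
// Added example (not jsonpath code): reject untrusted path expressions that name
// prototype-related keys, and detect pollution after the fact. All names are hypothetical.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Snapshot of Object.prototype taken at startup, before untrusted input is handled.
const BASELINE = new Set(Reflect.ownKeys(Object.prototype));

// Decode \uXXXX and \xXX so an escaped spelling of a key is scanned in decoded form.
function decodeEscapes(expr) {
  return expr
    .replace(/\\u([0-9a-fA-F]{4})/g, (_, h) => String.fromCharCode(parseInt(h, 16)))
    .replace(/\\x([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Return the forbidden keys that appear as identifier tokens in the expression,
// whether written in dot notation ($.a.__proto__) or bracket notation ($['__proto__']).
function findUnsafeKeys(pathExpression) {
  if (typeof pathExpression !== 'string') {
    throw new TypeError('path expression must be a string');
  }
  const tokens = decodeEscapes(pathExpression).match(/[A-Za-z_$][\w$]*/g) || [];
  return [...new Set(tokens.filter((t) => FORBIDDEN_KEYS.has(t)))];
}

// Gate to call before handing the expression to the library, for example
// jp.value(obj, assertSafePath(untrustedPath), newValue).
function assertSafePath(pathExpression) {
  const bad = findUnsafeKeys(pathExpression);
  if (bad.length > 0) {
    throw new Error(`rejected path expression, forbidden key(s): ${bad.join(', ')}`);
  }
  return pathExpression;
}

// Detection: keys present on Object.prototype now that were absent at startup.
// A non-empty result means something in the process polluted the prototype.
function newPrototypeKeys() {
  return Reflect.ownKeys(Object.prototype).filter((k) => !BASELINE.has(k));
}
```

Calling newPrototypeKeys from a health check or a test suite gives a cheap signal that the prototype changed, independent of which library caused it.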
