type checking #30
Comments
@xiaofen9 would you care to submit this fix as a PR, for @jonschlinkert to review? 😎
A PR would be great. Could you provide a more detailed description of specifically how and when this could become an actual exploit?
I've locked the issue to prevent useless and distracting "me too" comments. @xiaofen9 if you want to create a PR, that would be great. It would help if you could add a description of when and how this can be used "maliciously". We can't think of one scenario where that could ever happen... but that doesn't mean it can't, so we'd love to be enlightened so that we know better in the future.
Closed by #31
We found that a maliciously crafted user-input object can manipulate the type checking result of the kind-of module.
The vulnerability is from the following code:
kind-of/index.js, lines 68 to 70 in 4da96c0
kind-of leverages the built-in constructor of unsafe user input to detect type information. However, a crafted payload can overwrite this built-in attribute to manipulate the type detection result.
Reproduce Script
This issue can be fixed by adding one simple check to the ctorName() function: check `typeof val.constructor === 'function'`. This check can patch the vulnerability because attackers can't use JSON to send function instances to the victim server.
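The effect of the proposed check, as an added example that is neither kind-of's source nor the reporter's reproduce script. `classify`, `ctorNameUnchecked` and `ctorNameChecked` are hypothetical, simplified stand-ins, and the JSON body is constructed sample input.

```javascript
// Hypothetical simplified stand-ins for illustration; not kind-of's code.

// Before: trusts whatever value sits in the `constructor` slot.
function ctorNameUnchecked(val) {
  return val.constructor ? val.constructor.name : null;
}

// After: the check proposed in the issue. JSON.parse only produces
// strings, numbers, booleans, null, arrays and plain objects, so a
// `constructor` property that arrived via JSON is never a function.
function ctorNameChecked(val) {
  return typeof val.constructor === 'function' ? val.constructor.name : null;
}

// Minimal classifier that consults the constructor name for objects.
function classify(val, ctorName) {
  if (val === null) return 'null';
  if (typeof val !== 'object') return typeof val;
  if (Array.isArray(val)) return 'array';
  switch (ctorName(val)) {
    case 'Symbol': return 'symbol';
    case 'Promise': return 'promise';
    case 'Map': return 'map';
    case 'Set': return 'set';
    default: return 'object';
  }
}

// Constructed sample input: a request body as it would arrive over JSON.
// The own `constructor` property shadows Object.prototype.constructor.
const body = JSON.parse('{"user": {"constructor": {"name": "Symbol"}}}');

function compare(val) {
  return {
    unchecked: classify(val, ctorNameUnchecked),
    checked: classify(val, ctorNameChecked),
  };
}

console.log(compare(body.user));          // crafted object from JSON
console.log(compare({ name: 'alice' }));  // ordinary plain object
console.log(compare(new Map()));          // genuine Map instance
console.log(compare(Object.create(null))); // object with no constructor
```

A caller that rejects non-object input based on the unchecked result would treat the crafted object as a symbol, while the checked variant reports it as the plain object it is.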