CVE-2022-37624/ Prototype pollution in jsonBodyParser.js #1927

Closed
secdevlpr26 opened this issue Oct 27, 2022 · 1 comment

@secdevlpr26

Prototype pollution vulnerability in function jsonBodyParser in jsonBodyParser.js in restify node-restify 9.0.0-rc.1 via the k variable in jsonBodyParser.js.

The prototype pollution vulnerability can be mitigated with several best practices described here: [https://learn.snyk.io/lessons/prototype-pollution/javascript/]

@mmarchini
Contributor

Please don't report security issues on the public GitHub; email [email protected] with steps on how the vulnerability can be exploited. Or, if you want to open a PR to make that code more robust regardless of whether it's exploitable or not, feel free to do so as well.

@restify restify locked and limited conversation to collaborators Jan 27, 2023
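
A guarded key-copy loop of the kind the mitigation link in the report describes, shown next to its unguarded form. This is an added example, not part of the thread and not restify's code: `mergeBodyIntoParams`, `mergeUnguarded` and the sample body are constructed for illustration, and it assumes a parser that copies each key `k` of the parsed JSON body onto a params object.

```javascript
// Keys that reach the prototype chain when written with target[k] = value.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hypothetical helper: copy the keys of a parsed JSON body onto a params
// object without letting any key touch a prototype.
function mergeBodyIntoParams(params, body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return params; // only plain objects carry named keys to merge
  }
  for (const k of Object.keys(body)) {
    if (BLOCKED_KEYS.has(k)) continue;
    // defineProperty always creates an own data property; unlike plain
    // assignment it never runs the inherited __proto__ setter.
    Object.defineProperty(params, k, {
      value: body[k],
      writable: true,
      enumerable: true,
      configurable: true,
    });
  }
  return params;
}

// The unguarded form of the same loop, kept only for comparison.
function mergeUnguarded(params, body) {
  for (const k of Object.keys(body)) {
    params[k] = body[k]; // k === '__proto__' replaces params' prototype
  }
  return params;
}

// Constructed sample body. JSON.parse stores "__proto__" as an ordinary own
// key, so Object.keys() returns it like any other key.
const SAMPLE_BODY = '{"name":"alice","__proto__":{"isAdmin":true}}';

function demo() {
  const body = JSON.parse(SAMPLE_BODY);
  const unguarded = mergeUnguarded({}, body);
  const guarded = mergeBodyIntoParams({}, body);
  return {
    unguardedInherits: unguarded.isAdmin === true, // property arrived via the prototype
    guardedInherits: guarded.isAdmin === true,
    guardedName: guarded.name,
    globalClean: ({}).isAdmin === undefined, // Object.prototype itself is untouched
  };
}
```

Creating the target with `Object.create(null)` is a complementary measure, since such an object has no prototype for a key to reach.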