
Commit 5a24b93

fix: prototype pollution vulnerability in extend (CVE-2024-45435) (#1433)
* chore: upgrade broken GitHub Actions https://github.com/orgs/community/discussions/142581 Signed-off-by: Anders Kaseorg <andersk@mit.edu> * chore: update storyshots Signed-off-by: Anders Kaseorg <andersk@mit.edu> * fix: prototype pollution vulnerability in extend (CVE-2024-45435) Fixes #1427. https://nvd.nist.gov/vuln/detail/CVE-2024-45435 https://gist.github.com/tariqhawis/c67177164d3b7975210caddb25b60d62 Signed-off-by: Anders Kaseorg <andersk@mit.edu> --------- Signed-off-by: Anders Kaseorg <andersk@mit.edu>
1 parent 1067900 commit 5a24b93


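--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -37,7 +37,7 @@ jobs:
 files: ./coverage/lcov.info
 fail_ci_if_error: true
 - name: Collect artifacts
-uses: actions/upload-artifact@v3
+uses: actions/upload-artifact@v4
 if: "failure() && matrix.stage != 'unit'"
 with:
 name: Image snapshots (${{ matrix.stage }})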

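--- a/.github/workflows/update-storyshots.yml
+++ b/.github/workflows/update-storyshots.yml
@@ -21,7 +21,7 @@ jobs:
 - name: Update snapshots
 run: pnpm test:storyshots -u
 - name: Collect artifacts
-uses: actions/upload-artifact@v3
+uses: actions/upload-artifact@v4
 if: always()
 with:
 name: Updated storyshots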

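--- a/src/core/optionsProvider.ts
+++ b/src/core/optionsProvider.ts
@@ -30,7 +30,7 @@ export function optionsProvider<T = unknown>(
 responsiveOptions.forEach(responsiveOption => {
 const mql = window.matchMedia(responsiveOption[0]);
 if (mql.matches) {
-currentOptions = extend(currentOptions, responsiveOption[1]);
+currentOptions = extend({}, currentOptions, responsiveOption[1]);
 }
 });
 }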
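Review bot: The reason for passing a fresh `{}` as the target on new line 33 is not recorded at the call site, so a later reader could "simplify" it back to the two-argument form. The removed line had extend write the matched responsive options straight into `currentOptions`; copying into a new object avoids mutating whatever object `currentOptions` currently aliases, and it also means extend's prototype guard is evaluated against a plain object rather than a caller-supplied one. Suggest `// merge into a fresh object: never write into the caller's options in place` directly above the line. optionsProvider's body starts and ends outside the hunk.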

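--- a/src/utils/extend.ts
+++ b/src/utils/extend.ts
@@ -11,7 +11,11 @@ export function extend<T, A, B>(target: T, a: A, b: B): T & A & B;
 export function extend(target: any = {}, ...sources: any[]) {
 for (let i = 0; i < sources.length; i++) {
 const source = sources[i];
+const targetProto = Object.getPrototypeOf(target);
 for (const prop in source) {
+if (targetProto !== null && prop in targetProto) {
+continue; // prevent prototype pollution
+}
 const sourceProp = source[prop];
 if (
 typeof sourceProp === 'object' &&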
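Review bot: The guard added on new line 16 skips every key that resolves anywhere on the target's prototype chain, not only `__proto__`, so on a plain-object target a legitimate source key such as `toString` or `constructor` is silently not copied; the one-word comment on line 17 does not say this, and because extend is an exported helper that contract should be documented. Suggest replacing `continue; // prevent prototype pollution` with a comment stating that keys naming a member of target's prototype chain (e.g. `__proto__`, `constructor`) are skipped because writing through them can reach `Object.prototype`, and that such keys are dropped rather than merged. Separately, `for (const prop in source)` on line 15 still iterates inherited enumerable keys of `source`; whether that is intended is not visible here and would be worth a line of documentation too. The loop body and the function continue past the hunk.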
