Description
Summary
A prototype pollution vulnerability exists in the assign function of the ts-fns package prior to version 13.0.7. Insufficient validation of user-provided keys allows attackers to inject arbitrary properties into the Object.prototype chain. Exploitation can lead to application crashes, unexpected code execution behaviors, or bypassing security-critical validation logic dependent on prototype integrity.
Details
The vulnerability arises from improper handling of deep property assignment operations within the assign function. When processing user-supplied keys, the library fails to adequately sanitize inputs, enabling adversaries to manipulate the Object.prototype globally. This flaw stems from the lack of validation for property names that traverse prototype chains (e.g., __proto__), allowing attackers to inject arbitrary properties into the global object's prototype.
This issue affects ts-fns versions prior to 13.0.7. Despite the release of version 13.0.7, the vulnerability remains unaddressed in the latest available version, leaving applications utilizing the assign function exposed to potential exploitation.
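To make the mechanism concrete, the following is an added illustration (not ts-fns code) of a dotted-path deep-assign in a naive form, which follows a `__proto__` segment straight into `Object.prototype`, beside a hardened form that rejects prototype-reaching keys and only descends into own properties. The function names `naiveAssign`, `safeAssign` and `isPolluted` are assumed for this example.

```javascript
// Added illustration, not ts-fns code: a minimal deep-assign that
// follows dotted key paths, in a naive form and a hardened form.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Naive deep assignment: walks "a.b.c" and creates intermediate objects.
// Every path segment, including "__proto__", is used as a property name,
// so "__proto__.x" walks onto Object.prototype and writes "x" there.
function naiveAssign(target, path, value) {
  const keys = path.split('.');
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    if (cur[k] === null || typeof cur[k] !== 'object') {
      cur[k] = {};
    }
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Hardened form: refuse any segment that can reach the prototype chain,
// and descend only into own properties so an inherited object is never
// reused as a walk target.
function safeAssign(target, path, value) {
  const keys = path.split('.');
  for (const k of keys) {
    if (FORBIDDEN_KEYS.has(k)) {
      throw new TypeError(`refusing to assign through key "${k}"`);
    }
  }
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const own = Object.prototype.hasOwnProperty.call(cur, k);
    if (!own || cur[k] === null || typeof cur[k] !== 'object') {
      cur[k] = {};
    }
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Detection check: has Object.prototype gained an own property it should
// never have? Useful as a post-condition in tests around untrusted merges.
function isPolluted(prop) {
  return Object.prototype.hasOwnProperty.call(Object.prototype, prop);
}
```

Running `naiveAssign({}, '__proto__.polluted', 'yes')` makes every fresh object report `polluted === 'yes'`, while `safeAssign` throws on the same path and leaves `Object.prototype` untouched.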
Impact
This is a prototype pollution vulnerability (CWE-1321). Applications relying on ts-fns versions prior to 13.0.7 are at risk. Successful exploitation could result in denial of service, arbitrary code execution, or undermining security mechanisms that depend on the integrity of Object.prototype. All users leveraging the assign function in affected versions should take immediate action to mitigate potential risks.