CVE-2022-25645 Package dset is vulnerable to Prototype Pollution via 'dset/merge' mode, as dset checks for the top-level path containing __proto__, constructor or protorype.

CVE-2022-25645 Package dset is vulnerable to Prototype Pollution via 'dset/merge' mode, as dset checks for the top-level path containing __proto__, constructor or protorype.

An attacker can inject code into an object and have it appear as if it comes from the object's own constructor. This technique has been previously abused by the CSP team to achieve CSP bypass. Code can also be injected into objects that are being inherited, allowing for code execution on the object's behalf.

All versions of package dml are vulnerable to Prototype Pollution via 'dml/patch' and 'dml/unpatch' modes. By crafting a malicious object, it is possible to bypass these checks and achieve prototype pollution.

To discover if an installation is vulnerable, run the following command:

$ python -m dml --check-version dml/patch

All versions of package dplyr are vulnerable to Prototype Pollution via 'dplyr/select' and 'dplyr/filter' modes. By crafting a malicious object, it is possible to bypass these checks and achieve prototype pollution.

To discover if an installation is vulnerable, run the following command:

$ python -m dplyr --check-version dplyr/select

DML: 'patch' mode

By crafting a malicious object, it is possible to bypass these checks and achieve prototype pollution.

To discover if an installation is vulnerable, run the following command:

$ python -m dml --check-version dml/patch

Python 3.x is not vulnerable to this type of attack

Python 3.x was tested and is not vulnerable to this type of attack.

DML/PATCH VULNERABILITY

It is possible to bypass DML's 'dml/patch' check and achieve prototype pollution. To discover if an installation is vulnerable, run the following command:

$ python -m dml --check-version dml/patch

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe