GMS-2020-382: Prototype Pollution in mithril

September 3, 2020 (updated September 29, 2021)

Affected versions of mithrilare vulnerable to prototype pollution. The function parseQueryString may allow a malicious user to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. A payload such as __proto__%5BtoString%5D=123 in the query string would change the toString() function to 123. If you are using mithril, upgrade to or later. If you are using mithril, upgrade to or later.

References

github.com/advisories/GHSA-c3px-v9c7-m734
www.npmjs.com/advisories/1094

Code Behaviors & Features

Detect and mitigate GMS-2020-382 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →