CVE-2022-25645 Package dset is vulnerable to Prototype Pollution via 'dset/merge' mode, as dset checks for the top-level path containing __proto__, constructor or protorype.
An attacker can inject code into an object and have it appear as if it comes from the object's own constructor. This technique has been previously abused by the CSP team to achieve CSP bypass. Code can also be injected into objects that are being inherited, allowing for code execution on the object's behalf.
All versions of package dml are vulnerable to Prototype Pollution via 'dml/patch' and 'dml/unpatch' modes. By crafting a malicious object, it is possible to bypass these checks and achieve prototype pollution.
To discover if an installation is vulnerable, run the following command:
$ python -m dml --check-version dml/patch
All versions of package dplyr are vulnerable to Prototype Pollution via 'dplyr/select' and 'dplyr/filter' modes. By crafting a malicious object, it is possible to bypass these checks and achieve prototype pollution.
To discover if an installation is vulnerable, run the following command:
$ python -m dplyr --check-version dplyr/select
DML: 'patch' mode
By crafting a malicious object, it is possible to bypass these checks and achieve prototype pollution.
To discover if an installation is vulnerable, run the following command:
$ python -m dml --check-version dml/patch
Python 3.x is not vulnerable to this type of attack
Python 3.x was tested and is not vulnerable to this type of attack.
DML/PATCH VULNERABILITY
It is possible to bypass DML's 'dml/patch' check and achieve prototype pollution. To discover if an installation is vulnerable, run the following command:
$ python -m dml --check-version dml/patch
Timeline
Published on: 05/01/2022 16:15:00 UTC
Last modified on: 05/11/2022 16:18:00 UTC