CVE-2022-37611 Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js.

This can be detected by inspecting the variable’s name through the inspector. If the variable’s name contains the string “proto” it indicates a potential vulnerability in the system.

CVE-2023-37612

This can be detected by inspecting the variable’s name through the inspector. If the variable’s name contains the string “pets” it indicates a potential vulnerability in the system.

Conclusion:

This is a potential vulnerability that can be detected by inspecting the variable’s name. This vulnerability can be detected by inspecting for the string “proto” in the variable’s name.

Timeline

Published on: 10/12/2022 01:15:00 UTC
Last modified on: 10/14/2022 16:33:00 UTC

References

• https://github.com/tschaub/gh-pages/blob/e363b144defe8e555f5a54251a6f7f1297c0e3f6/lib/util.js#L16
• https://github.com/tschaub/gh-pages/blob/e363b144defe8e555f5a54251a6f7f1297c0e3f6/lib/util.js#L11
• https://github.com/tschaub/gh-pages/issues/446
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37611