VDB
KO
HIGH

GHSA-c4gh-rv8h-q9vw

Prompty: Arbitrary code execution via JavaScript frontmatter in TypeScript loader

Details

## Summary The TypeScript Prompty loader used `gray-matter` without overriding executable frontmatter engines. `gray-matter` supports JavaScript frontmatter blocks such as `---js` and evaluates them while parsing. An attacker-controlled `.prompty` file could therefore execute arbitrary JavaScript during prompt loading.

## Affected package - npm `@prompty/core` v2 prerelease line: `>= 2.0.0-alpha.1 < 2.0.0-beta.3` - Fixed in `@prompty/core@2.0.0-beta.3`

The legacy v1 JavaScript runtime had a historical hardening change for this issue. During the v2 TypeScript runtime rebuild, the loader again called `gray-matter` directly and the vulnerable behavior was present in the v2 prerelease packages until `2.0.0-beta.3`.

## Impact Applications that load untrusted `.prompty` files, user-provided prompt paths, or prompt bundles from less-trusted locations could execute arbitrary JavaScript in the host Node.js process during frontmatter parsing.

## Remediation Upgrade `@prompty/core` to `2.0.0-beta.3` or later.

The fix explicitly overrides the `js` and `javascript` gray-matter engines and rejects JavaScript frontmatter in `.prompty` files. Prompty frontmatter is YAML-only; executable frontmatter is unsupported. A regression test now verifies that `---js` frontmatter is rejected and not evaluated.

## Fix details Fixed by commit `c27402da2487075be577f06aa79df627fb9d6853` and released via `typescript/2.0.0-beta.3`.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / @prompty/core
Introduced in: 2.0.0-alpha.1 Fixed in: 2.0.0-beta.3
Fix npm install @prompty/core@2.0.0-beta.3

References