GHSA-c4gh-rv8h-q9vw
Prompty: Arbitrary code execution via JavaScript frontmatter in TypeScript loader
Details
## Summary The TypeScript Prompty loader used `gray-matter` without overriding executable frontmatter engines. `gray-matter` supports JavaScript frontmatter blocks such as `---js` and evaluates them while parsing. An attacker-controlled `.prompty` file could therefore execute arbitrary JavaScript during prompt loading.
## Affected package - npm `@prompty/core` v2 prerelease line: `>= 2.0.0-alpha.1 < 2.0.0-beta.3` - Fixed in `@prompty/core@2.0.0-beta.3`
The legacy v1 JavaScript runtime had a historical hardening change for this issue. During the v2 TypeScript runtime rebuild, the loader again called `gray-matter` directly and the vulnerable behavior was present in the v2 prerelease packages until `2.0.0-beta.3`.
## Impact Applications that load untrusted `.prompty` files, user-provided prompt paths, or prompt bundles from less-trusted locations could execute arbitrary JavaScript in the host Node.js process during frontmatter parsing.
## Remediation Upgrade `@prompty/core` to `2.0.0-beta.3` or later.
The fix explicitly overrides the `js` and `javascript` gray-matter engines and rejects JavaScript frontmatter in `.prompty` files. Prompty frontmatter is YAML-only; executable frontmatter is unsupported. A regression test now verifies that `---js` frontmatter is rejected and not evaluated.
## Fix details Fixed by commit `c27402da2487075be577f06aa79df627fb9d6853` and released via `typescript/2.0.0-beta.3`.
Are you affected?
Enter the version of the package you're using.
Affected packages
2.0.0-alpha.1 Fixed in: 2.0.0-beta.3 npm install @prompty/core@2.0.0-beta.3