GHSA-v8w9-8mx6-g223
Hono vulnerable to Prototype Pollution possible through __proto__ key allowed in parseBody({ dot: true })
## Summary
When using `parseBody({ dot: true })` in HonoRequest, specially crafted form field names such as `__proto__.x` could create objects containing a `__proto__` property.
If the parsed result is later merged into regular JavaScript objects using unsafe merge patterns, this may lead to prototype pollution in the target object.
## Details
The `parseBody({ dot: true })` feature supports dot notation to construct nested objects from form field names.
In previous versions, the `__proto__` path segment was not filtered. As a result, specially crafted keys such as `__proto__.x` could produce objects containing `__proto__` properties.
While this behavior does not directly modify `Object.prototype` within Hono itself, it may become exploitable if the parsed result is later merged into regular JavaScript objects using unsafe merge patterns.
## Impact
Applications that merge parsed form data into regular objects using unsafe patterns (for example recursive deep merge utilities) may become vulnerable to prototype pollution.