A bug in Ember.js, a JavaScript framework for building web application front ends, allowed attackers to stage prototype pollution attacks against applications built with it.
Prototype pollution attacks take advantage of JavaScript's dynamic property assignment to inject properties into shared prototypes such as Object.prototype, so that every object inheriting from them picks up attacker-chosen values. In the case of Ember.js, the prototype pollution vulnerability could potentially allow attackers to stage cross-site scripting (XSS) attacks and steal user information.
Masato Kinugawa, the security researcher who discovered the bug, first caught sight of it during another investigation.
“In spring 2021, I noticed an XSS bug in one of the domains owned by Google, and I reported it through the Google Bug Bounty Program,” Kinugawa told The Daily Swig. “When investigating the details, I noticed that the root cause was in the Ember.js framework.”
According to Kinugawa's findings, if an application passes unsanitized user input as the property name or path to some of the property-setting functions of Ember.js objects, an attacker can supply a path that reaches Object.prototype, which leads to prototype pollution.
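The mechanism above, shown with an added example that is not Ember's code and not from the original article: `naiveSetPath` is a hypothetical path-based setter of the kind frameworks expose, `safeSetPath` is a hardened version, and `ATTACKER_PATH` is a constructed attacker-controlled key. It demonstrates the general pattern of which the Ember bug is one instance: a user-controlled path such as `__proto__.isAdmin` walks into Object.prototype, and an unrelated object created afterwards inherits the planted value.

```javascript
// Added example, not Ember's implementation: a minimal dotted-path setter
// that creates intermediate objects, the shape in which prototype pollution
// bugs typically appear when the path comes from user input.
function naiveSetPath(target, path, value) {
  const keys = path.split('.');
  let obj = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    // '__proto__' resolves to Object.prototype here instead of a fresh object
    if (obj[k] === undefined || obj[k] === null) obj[k] = {};
    obj = obj[k];
  }
  obj[keys[keys.length - 1]] = value;
  return target;
}

// Hardened variant (assumed design, not Ember's fix): reject path segments
// that can reach a prototype, and only descend into own, plain-object properties.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeSetPath(target, path, value) {
  const keys = path.split('.');
  for (const k of keys) {
    if (FORBIDDEN_KEYS.has(k)) throw new Error('refusing to set unsafe key: ' + k);
  }
  let obj = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const own = Object.prototype.hasOwnProperty.call(obj, k);
    if (!own || typeof obj[k] !== 'object' || obj[k] === null) obj[k] = {};
    obj = obj[k];
  }
  obj[keys[keys.length - 1]] = value;
  return target;
}

// Constructed attacker input, e.g. a key taken straight from a query string.
const ATTACKER_PATH = '__proto__.isAdmin';

// Returns true if the naive setter polluted Object.prototype: an unrelated
// object created afterwards suddenly reports isAdmin === true.
function demoPollution() {
  const settings = {};
  naiveSetPath(settings, ATTACKER_PATH, true);
  const unrelated = {};
  const polluted = unrelated.isAdmin === true;
  delete Object.prototype.isAdmin; // clean up so later code is unaffected
  return polluted;
}

// Returns 'blocked' if the hardened setter refuses the path and leaves
// Object.prototype untouched, 'polluted' otherwise.
function demoHardened() {
  const settings = {};
  try {
    safeSetPath(settings, ATTACKER_PATH, true);
  } catch (e) {
    return ({}).isAdmin === undefined ? 'blocked' : 'polluted';
  }
  return 'polluted';
}

// Same idea via the constructor chain, which a '__proto__'-only filter would miss.
function demoConstructorPath() {
  const settings = {};
  naiveSetPath(settings, 'constructor.prototype.isAdmin', true);
  const polluted = ({}).isAdmin === true;
  delete Object.prototype.isAdmin;
  return polluted;
}

console.log('naive setter polluted Object.prototype:', demoPollution());
console.log('constructor path polluted Object.prototype:', demoConstructorPath());
console.log('hardened setter:', demoHardened());
```

The check a practitioner would add to any setter that accepts user-supplied keys is the one in `safeSetPath`: reject `__proto__`, `constructor` and `prototype` as path segments, and descend only into own properties rather than whatever the prototype chain happens to resolve. The XSS described in the article follows from the same primitive when a polluted property later reaches rendering code that trusted an "unset" option.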