Miggo Logo
Miggo Vulnerability Database
CVE-2024-34273

CVE-2024-34273: njwt Prototype Pollution vulnerability

5.9

CVSS Score
3.1

Basic Information

CVE ID
CVE-2024-34273
GHSA ID
GHSA-3hvj-2783-34x2
EPSS Score
0.25998%
CWE
CWE-1321
Published
5/16/2024
Updated
11/18/2024
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
njwtnpm< 2.0.12.0.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from two key points: 1) Parser.prototype.parse processes raw JWT headers and passes them to JwtHeader without the 'enforceDefaultFields=false' parameter pre-patch, allowing prototype pollution vectors. 2) The JwtHeader constructor's original implementation stored critical security configuration (reservedKeys) in the prototype, making it susceptible to pollution via malicious proto properties in JWT headers. The commit fixes both by freezing prototypes and moving reservedKeys to a local variable. The PoC demonstrates pollution through these entry points, and the patch directly modifies these functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

njwt up to v*.*.* w*s *is*ov*r** to *ont*in * prototyp* pollution in t** `P*rs*r.prototyp*.p*rs*` m*t*o*.

Reasoning

T** vuln*r**ility st*ms *rom two k*y points: *) P*rs*r.prototyp*.p*rs* pro**ss*s r*w JWT *****rs *n* p*ss*s t**m to Jwt*****r wit*out t** '*n*or******ult*i*l*s=**ls*' p*r*m*t*r pr*-p*t**, *llowin* prototyp* pollution v**tors. *) T** Jwt*****r *onstru