CVE-2022-46175 PoC — Tauri security vulnerability

Source
Associated Vulnerability
Title: Tauri security vulnerability (CVE-2022-46175)
Description: JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later.
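The mechanism in the description, as an added example (not code from this PoC repository or from json5): a parser that stores members by plain assignment lets a `__proto__` key replace the prototype of the returned object only, while defining each key as an own property keeps it as data. All function names and the sample input are constructed for illustration.

```javascript
// Constructed sample: the members a parser would emit for the text
// {"name": "guest", "__proto__": {"isAdmin": true}}
const members = [["name", "guest"], ["__proto__", { isAdmin: true }]];

// Weak pattern: plain assignment. For the key "__proto__" this invokes the
// inherited setter and replaces the prototype of `obj` (and only of `obj`).
function buildByAssignment(pairs) {
  const obj = {};
  for (const [key, value] of pairs) obj[key] = value;
  return obj;
}

// Hardened pattern: define every key as an own data property, so
// "__proto__" becomes ordinary data and the prototype is untouched.
function buildByDefine(pairs) {
  const obj = {};
  for (const [key, value] of pairs) {
    Object.defineProperty(obj, key, {
      value, writable: true, enumerable: true, configurable: true,
    });
  }
  return obj;
}

// Defensive check for objects parsed from untrusted input.
function hasUnexpectedPrototype(obj) {
  const proto = Object.getPrototypeOf(obj);
  return proto !== Object.prototype && proto !== null;
}

// Guard for a trusted operation: honour own properties only.
function isAdmin(user) {
  return Object.prototype.hasOwnProperty.call(user, "isAdmin") &&
    user.isAdmin === true;
}

const weak = buildByAssignment(members);
const safe = buildByDefine(members);
// Built-in JSON.parse leaves the prototype of its result unchanged.
const builtin = JSON.parse('{"name": "guest", "__proto__": {"isAdmin": true}}');

console.log("assignment:", weak.isAdmin, hasUnexpectedPrototype(weak));
console.log("defineProperty:", safe.isAdmin, hasUnexpectedPrototype(safe));
console.log("JSON.parse:", builtin.isAdmin, hasUnexpectedPrototype(builtin));
console.log("own-property guard on weak object:", isAdmin(weak));
console.log("global prototype untouched:", ({}).isAdmin === undefined);
```

Upgrading json5 to 1.0.2 / 2.2.2 or later is the fix named above; the own-property guard is a second layer for code that makes trust decisions on parsed objects.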
Description
Reproduction for CVE-2022-46175
Readme
# Quasar App (quasar-app-webpack-json5-vulnerability)

A Quasar Project

## Install the dependencies
```bash
yarn
# or
npm install
```

### Start the app in development mode (hot-code reloading, error reporting, etc.)
```bash
quasar dev
```


### Lint the files
```bash
yarn lint
# or
npm run lint
```


### Format the files
```bash
yarn format
# or
npm run format
```



### Build the app for production
```bash
quasar build
```

### Customize the configuration
See [Configuring quasar.config.js](https://v2.quasar.dev/quasar-cli-webpack/quasar-config-js).
File Snapshot

```
[4.0K] /data/pocs/15ca626c068cec7b4ed9bbddc2b10b547590bc02
├── [ 263] babel.config.js
├── [1.3K] package.json
├── [4.0K] public
│   ├── [ 63K] favicon.ico
│   └── [4.0K] icons
│       ├── [ 12K] favicon-128x128.png
│       ├── [ 859] favicon-16x16.png
│       ├── [2.0K] favicon-32x32.png
│       └── [9.4K] favicon-96x96.png
├── [6.9K] quasar.config.js
├── [ 558] README.md
├── [4.0K] src
│   ├── [ 161] App.vue
│   ├── [4.0K] assets
│   │   └── [4.4K] quasar-logo-vertical.svg
│   ├── [4.0K] boot
│   ├── [4.0K] components
│   │   ├── [ 754] EssentialLink.vue
│   │   ├── [1.2K] ExampleComponent.vue
│   │   └── [ 108] models.ts
│   ├── [4.0K] css
│   │   ├── [ 31] app.scss
│   │   └── [ 774] quasar.variables.scss
│   ├── [ 209] env.d.ts
│   ├── [ 991] index.template.html
│   ├── [4.0K] layouts
│   │   └── [2.2K] MainLayout.vue
│   ├── [4.0K] pages
│   │   ├── [ 588] ErrorNotFound.vue
│   │   └── [ 919] IndexPage.vue
│   ├── [ 451] quasar.d.ts
│   ├── [4.0K] router
│   │   ├── [1.0K] index.ts
│   │   └── [ 428] routes.ts
│   └── [ 244] shims-vue.d.ts
├── [ 101] tsconfig.json
└── [281K] yarn.lock

10 directories, 27 files
```