PT-2024-40174 · Derby · Derby
Published: 2024-04-17 · Updated: 2024-04-17
Severity: None (no severity ratings or metrics are available yet; the page will be updated when they are).
Name of the Vulnerable Software and Affected Versions: derby (affected versions not specified)
Description: A prototype pollution issue in derby can cause the application to crash if the application author has atypical HTML templates that feed user input into an object key. Attribute keys are typically developer-controlled, not end-user-controlled, which limits the practical impact for most applications. The emit() function is called without sanitizing the variable this.lastSegment, allowing it to be set to __proto__ and pollute the prototype of the JavaScript Object.
Recommendations: To resolve this issue, add a check on this.lastSegment to prevent the attack. Modify the emit() function as follows:
emit(context: Context, target: T) {
  const node = traverseAndCreate(context.controller, this.segments);
  // Reject keys that reach into the prototype chain before assigning.
  if (this.lastSegment.includes('__proto__') || this.lastSegment.includes('prototype')) {
    throw new Error('Unsafe code detected');
  }
  node[this.lastSegment] = target;
  this.addListeners(target, node, this.lastSegment);
}
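The following is an added, self-contained JavaScript example, not Derby's own code, that models the pattern the advisory describes: a path of segments is walked to a node, then node[lastSegment] = target is assigned. The names traverseAndCreate and emit mirror the advisory, but the bodies are simplified stand-ins, and the template paths are constructed inputs. It shows the two ways an unchecked key does damage (landing on Object.prototype during traversal, or replacing a node's prototype at assignment time), and a guard in the spirit of the recommended fix that, going beyond the advisory, also validates every intermediate segment.

```javascript
// Added example, not Derby's own code. Keys that address the prototype chain
// must never be used as plain-object property names from untrusted input.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Stand-in for the advisory's traverseAndCreate: walks nested plain objects,
// creating missing levels. Note that obj['__proto__'] already exists on any
// plain object, so a "__proto__" segment walks onto Object.prototype.
function traverseAndCreate(root, segments) {
  let node = root;
  for (const seg of segments) {
    if (node[seg] === undefined || node[seg] === null) node[seg] = {};
    node = node[seg];
  }
  return node;
}

// Vulnerable shape: no validation of any segment before the assignment.
function emitUnsafe(root, segments, lastSegment, target) {
  const node = traverseAndCreate(root, segments);
  node[lastSegment] = target;
  return node;
}

// Hardened shape: reject prototype-chain keys in lastSegment (as the advisory
// recommends) and, additionally, in every traversed segment.
function emitSafe(root, segments, lastSegment, target) {
  for (const key of [...segments, lastSegment]) {
    if (typeof key !== 'string' || UNSAFE_KEYS.has(key)) {
      throw new Error('Unsafe code detected');
    }
  }
  const node = traverseAndCreate(root, segments);
  node[lastSegment] = target;
  return node;
}

// Runs both code paths on constructed attribute paths and reports what happened.
function demonstrate() {
  const results = {};

  // 1. Walking through "__proto__" lands on Object.prototype, so the final
  //    assignment becomes visible on every plain object in the process.
  emitUnsafe({}, ['__proto__'], 'pollutedFlag', true);
  results.globalPollution = ({}).pollutedFlag === true;
  delete Object.prototype.pollutedFlag; // undo the pollution for the rest of the demo

  // 2. "__proto__" as the last segment swaps the node's prototype for target,
  //    so inherited methods the application relies on disappear (crash path).
  const node = emitUnsafe({}, ['attrs'], '__proto__', Object.create(null));
  results.methodsLost = typeof node.hasOwnProperty !== 'function';

  // 3. The guard rejects both paths before any assignment happens.
  results.blocked = 0;
  const attempts = [[['__proto__'], 'pollutedFlag'], [['attrs'], '__proto__']];
  for (const [segs, last] of attempts) {
    try { emitSafe({}, segs, last, true); } catch (e) { results.blocked += 1; }
  }
  results.stillClean = ({}).pollutedFlag === undefined;
  return results;
}
```

Calling demonstrate() returns globalPollution and methodsLost as true for the unchecked path, blocked equal to 2 for the guarded path, and stillClean as true, which is the observable difference a reviewer would want to see when verifying a fix of this kind.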

Weakness Enumeration: Prototype Pollution
Related Identifiers: GHSA-82JV-9WJW-PQH6
Affected Products: Derby