fix typo, the variable in the example is called items

erik-krogh
2023-05-15 17:23:40 +02:00
parent 9dede31c0d
commit 7a338c408e


@@ -35,8 +35,8 @@
<p>
In the example below, the untrusted value <code>req.params.id</code> is used as the property name
<code>req.session.todos[id]</code>. If a malicious user passes in the ID value <code>__proto__</code>,
the variable <code>todo</code> will then refer to <code>Object.prototype</code>.
Finally, the modification of <code>todo</code> then allows the attacker to inject arbitrary properties
the variable <code>items</code> will then refer to <code>Object.prototype</code>.
Finally, the modification of <code>items</code> then allows the attacker to inject arbitrary properties
onto <code>Object.prototype</code>.
</p>
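Review bot: In the unchanged first sentence of this paragraph, "is used as the property name <code>req.session.todos[id]</code>" presents the whole lookup expression as the property name, while the untrusted name is only <code>id</code>. Since this paragraph is being touched anyway, consider rewording to "is used as the property name in the lookup <code>req.session.todos[id]</code>", so the following sentence about <code>items</code> referring to <code>Object.prototype</code> reads as the result of that lookup. The rename from <code>todo</code> to <code>items</code> cannot be checked against the example from these lines alone, so it is worth confirming that no other paragraph of the help file still says <code>todo</code>.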