TaffyDB security vulnerability – JavaScript – SitePoint Forums



I read of a security vulnerability with TaffyDB: https://snyk.io/vuln/search?q=taffy&type=npm


taffydb is an open source JavaScript library that provides in-memory database capabilities.

Affected versions of this package are vulnerable to Internal Property Tampering. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If an index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g. T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB.

What does this mean? The TaffyDB page I use simply displays a list of products that are also listed on our website. There is nothing secret on the page. Would my use case be hurt by this vulnerability? If so, what would be an alternative?
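
An added example, not part of the original post or of TaffyDB's code: a simplified model of the lookup behaviour the advisory describes, next to an allow-list filter that keeps internal properties in user input away from the query layer. The store, the records, the `published` flag and all function names are constructed for illustration; `___id` is used as the index field name, following TaffyDB's record layout.

```javascript
// Simplified model of the behaviour the advisory describes; NOT TaffyDB's code.
// Records and field names other than ___id are constructed for this example.
const records = [
  { ___id: "T000002R000001", name: "Widget", published: true },
  { ___id: "T000002R000002", name: "Draft item", published: false },
];

// Models the flaw: an index in the query wins and other conditions are ignored.
function modelQuery(query) {
  if (typeof query.___id === "string") {
    return records.filter((r) => r.___id === query.___id);
  }
  return records.filter((r) =>
    Object.keys(query).every((k) => r[k] === query[k])
  );
}

// Mitigation: copy only allow-listed fields with primitive values out of
// user input, so internal properties never reach the query layer.
const ALLOWED_FIELDS = new Set(["name"]); // hypothetical public search fields

function sanitizeQuery(userInput) {
  const clean = {};
  if (userInput === null || typeof userInput !== "object") return clean;
  for (const key of Object.keys(userInput)) {
    const value = userInput[key];
    const primitive = ["string", "number", "boolean"].includes(typeof value);
    if (ALLOWED_FIELDS.has(key) && primitive) clean[key] = value;
  }
  return clean;
}

// The server adds its own conditions after sanitizing, never before.
function searchPublished(userInput) {
  return modelQuery({ ...sanitizeQuery(userInput), published: true });
}

// Same merge without sanitizing: the "before" state, kept for comparison.
function searchPublishedUnsafe(userInput) {
  return modelQuery({ ...userInput, published: true });
}
```

If every record in the store is already shown publicly, the forged index returns nothing a visitor could not already see; the filter matters once the same store also holds items that a query condition is supposed to hide.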
