ghsa-hxj9-33pp-j2cc
Vulnerability from github
Published
2025-12-09 17:11
Modified
2025-12-09 21:37
Severity ?
9.1 (Critical) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
Elysia vulnerable to prototype pollution with multiple standalone schema validation
Details

Prototype pollution vulnerability in mergeDeep after merging results of two standard schema validations with the same key. Due to the ordering of merging, there must be an any type that is set as a standalone guard, to allow for the __proto__ prop to be merged.

When combined with GHSA-8vch-m3f4-q8jf this allows for a full RCE by an attacker.

Impact

Routes with more than 2 standalone schema validation, eg. zod

Example vulnerable code: ```typescript import { Elysia } from "elysia" import * as z from "zod"

const app = new Elysia() .guard({ schema: "standalone", body: z.object({ data: z.any() }) }) .post("/", ({ body }) => ({ body, win: {}.foo }), { body: z.object({ data: z.object({ messageId: z.string("pollute-me"), }) }) }) ```

Patches

Patched by 1.4.17 (https://github.com/elysiajs/elysia/pull/1564)

Reference commit: - https://github.com/elysiajs/elysia/pull/1564/commits/26935bf76ebc43b4a43d48b173fc853de43bb51e - https://github.com/elysiajs/elysia/pull/1564/commits/3af978663e437dccc6c1a2a3aff4b74e1574849e

Workarounds

Remove __proto__ key from body

Example plugin for removing __proto__ from body

```typescript new Elysia() .onTransform(({ body, headers }) => { if (headers['content-type'] === 'application/json') return JSON.parse(JSON.stringify(body), (k, v) => { if (k === 'proto') return

            return v
        })
})

```

Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "elysia"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.0"
            },
            {
              "fixed": "1.4.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-66456"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-09T17:11:53Z",
    "nvd_published_at": "2025-12-09T20:15:54Z",
    "severity": "CRITICAL"
  },
  "details": "Prototype pollution vulnerability in `mergeDeep` after merging results of two standard schema validations with the same key. Due to the ordering of merging, there must be an `any` type that is set as a `standalone` guard, to allow for the `__proto__` prop to be merged.\n\nWhen combined with GHSA-8vch-m3f4-q8jf this allows for a full RCE by an attacker.\n\n### Impact\nRoutes with more than 2 standalone schema validation, eg. zod\n\nExample vulnerable code:\n```typescript\nimport { Elysia } from \"elysia\"\nimport * as z from \"zod\"\n\nconst app = new Elysia()\n\t.guard({\n\t\tschema: \"standalone\",\n\t\tbody: z.object({\n\t\t\tdata: z.any()\n\t\t})\n\t})\n\t.post(\"/\", ({ body }) =\u003e ({ body, win: {}.foo }), {\n\t\tbody: z.object({\n\t\t\tdata: z.object({\n\t\t\t\tmessageId: z.string(\"pollute-me\"),\n\t\t\t})\n\t\t})\n\t})\n```\n\n### Patches\nPatched by 1.4.17 (https://github.com/elysiajs/elysia/pull/1564)\n\nReference commit:\n- https://github.com/elysiajs/elysia/pull/1564/commits/26935bf76ebc43b4a43d48b173fc853de43bb51e\n- https://github.com/elysiajs/elysia/pull/1564/commits/3af978663e437dccc6c1a2a3aff4b74e1574849e\n\n### Workarounds\nRemove `__proto__` key from body\n\nExample plugin for removing `__proto__` from body\n\n```typescript\nnew Elysia()\n\t.onTransform(({ body, headers }) =\u003e {\n\t\tif (headers[\u0027content-type\u0027] === \u0027application/json\u0027)\n\t\t\treturn JSON.parse(JSON.stringify(body), (k, v) =\u003e {\n\t\t\t\tif (k === \u0027__proto__\u0027) return\n\n\t\t\t\treturn v\n\t\t\t})\n\t})\n```",
  "id": "GHSA-hxj9-33pp-j2cc",
  "modified": "2025-12-09T21:37:06Z",
  "published": "2025-12-09T17:11:53Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/elysiajs/elysia/security/advisories/GHSA-8vch-m3f4-q8jf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elysiajs/elysia/security/advisories/GHSA-hxj9-33pp-j2cc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66456"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elysiajs/elysia/pull/1564"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elysiajs/elysia/commit/26935bf76ebc43b4a43d48b173fc853de43bb51e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elysiajs/elysia/commit/3af978663e437dccc6c1a2a3aff4b74e1574849e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/elysiajs/elysia"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sportshead/elysia-poc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Elysia vulnerable to prototype pollution with multiple standalone schema validation"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.