‘Class pollution’ flaw similar to dangerous vulnerability type found in JavaScript and similar languages

Prototype pollution is a dangerous bug class associated with prototype-based languages, the most popular among them JavaScript.

One researcher, however, has found a variant of prototype pollution that is applicable to Python, while other class-based programming languages might also be vulnerable to similar attacks.

From prototype pollution to class pollution

In JavaScript, each object inherits the ‘prototype’ of its parent object, which contains all the attributes and functions of that object. JavaScript objects can traverse the prototypes of their parents to access their functionality.

Prototypes can be modified at runtime, which makes JavaScript dynamic and flexible, but also dangerous. Prototype pollution attacks exploit this characteristic to modify the behavior of JavaScript applications and perform malicious actions.

Class-based languages such as Python are supposedly immune to such manipulations.


LIKE THIS KIND OF CONTENT? Tell us about your experience of The Daily Swig to win swag


However, security researcher Abdulraheem Khaled has discovered a coding scheme that can allow attackers to perform prototype pollution-like attacks on Python programs. He calls it ‘class pollution’ in a blog post documenting his findings.

Khaled told The Daily Swig that he discovered the attack during attempts to translate the concepts of JavaScript prototype pollution to Python.

Manipulating Python classes

In order to pollute Python objects, the attacker needs an entry point that uses user input to set the attributes of an object. If the user input determines both the attribute name and value, then an attacker can exploit it to manipulate the program’s behavior.

“The key factor to look for is whether the application uses unsanitized user-controllable input to set attributes of an object (controlling the attribute name to be set and its value) or not,” Khaled told The Daily Swig.

If the target function uses recursive loops to traverse the object’s attributes, then the attacker can potentially gain access to parent classes, global variables, and more. Khaled calls this an “unsafe merge”.

For example, an attacker can use such functionality to modify command strings executed by the system, change the value of sensitive variables, and trigger denial of service attacks (DoS) by making critical classes dysfunctional.

Unlike with JavaScript, Python class pollution attacks are limited by the manipulations that are possible on built-in object types.


BACKGROUND Prototype pollution: The dangerous, underrated vulnerability impacting JavaScript applications


“Unlike JS [JavaScript], you cannot set attributes on the global/built-in object class as it’s an immutable type. This puts some limitations when looking for gadgets,” Khaled said.

Changing the base object prototype is one of the key attack vectors in JavaScript prototype pollution, which makes Python attacks somewhat limited.

However, Khaled found that the vulnerable merge function might enable attackers to overcome this limitation by giving them access to global in-app variables and other classes defined in the Python program or imported modules.

Class pollution in the wild

Khaled said that all kinds of Python applications can be vulnerable to this type of attack as long as they take unsanitized user input and implement a form of unsafe object attribute assignment.

During his investigations, he found several instances of popular Python libraries that had an unsafe merge function exposing them to class pollution attacks.

The minimum impact of class pollution would be DoS. But attacks could potentially have deeper effects on Python web applications such as:

  • Overwriting the secret key used to sign sessions in Flask web applications and manually crafting valid sessions to stage account takeover attacks
  • Circumventing filters – for example bypassing the path traversal prevention implemented in Jinja when trying to load a template file. This leads to local file disclosure and inclusion by enabling attackers to load files from any local directory without being restricted to the templates directory
  • Remote command execution, by overwriting COMSPEC or PATH environment variables

“Prototype pollution is definitely one of the topics that deserve more attention from the community, and we started to see more focus on it recently,” Khaled said.

“Class pollution might be a new vulnerability that has just come to light, [but] I expect to see it in other programming languages soon.”


YOU MAY ALSO LIKE Devs urged to rotate secrets after CircleCI suffers security breach