hi, we are a security team. We found a Prototype Pollution vulnerability in your project.
Vulnerability Cause
The local.set() method uses numeric IDs as keys to store data. It does not check if the node is Object.prototype, so passing the prototype object causes global pollution.
Vulnerable Code Location
d3-selection/src/local.js – set method
node[id] = value;
Pollutes prototype directly when node = Object.prototype.
Proof of Concept (POC)
const d3_selection = require('d3-selection');
const local = d3_selection.local();
// Pass prototype object
local.set(Object.prototype, 'polluted', 'd3_polluted');
// Verify pollution
console.log({}.polluted); // Output: d3_polluted
Reproduction Steps
Install: npm i d3-selection
Run poc.js
If polluted value is printed, vulnerability is reproduced
Impact
Affects all applications using d3 visualization libraries; may break application logic or enable further attacks.
hi, we are a security team. We found a Prototype Pollution vulnerability in your project.
Vulnerability Cause
The local.set() method uses numeric IDs as keys to store data. It does not check if the node is Object.prototype, so passing the prototype object causes global pollution.
Vulnerable Code Location
d3-selection/src/local.js – set method
Proof of Concept (POC)
Reproduction Steps
Install: npm i d3-selection
Run poc.js
If polluted value is printed, vulnerability is reproduced
Impact
Affects all applications using d3 visualization libraries; may break application logic or enable further attacks.