VYPR
Moderate severity · NVD Advisory · Published Nov 3, 2022 · Updated Dec 3, 2025

fastest-json-copy 1.0.1 - Prototype Pollution

CVE-2022-41714

Description

fastest-json-copy 1.0.1 allows prototype pollution via incomplete validation of JSON keys, enabling property injection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

fastest-json-copy version 1.0.1 is vulnerable to prototype pollution. The library does not correctly validate incoming JSON keys, allowing the __proto__ property to be edited. This enables an attacker to modify the prototype of objects, leading to property injection [1][3].

Exploitation

An external attacker can craft a JSON payload containing the __proto__ key. When the copy function processes this input, it assigns values to the object's prototype, polluting it. The attack does not require authentication or special network position; any user or application that passes untrusted JSON to fastest-json-copy is at risk [1][3].

Impact

Successful exploitation allows the attacker to add or modify properties on all objects that inherit from the polluted prototype. This can lead to denial of service, unauthorized data access, or further code execution, depending on the application context [3].

Mitigation

As of the advisory publication date (November 3, 2022), no patch is available. Users should avoid using version 1.0.1 with untrusted JSON input or consider alternative libraries that properly sanitize keys [3].
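The failure mode and the key sanitization described above, as an added example that is not part of the advisory and is not fastest-json-copy's source: a generic recursive copy written without a key check, the same copy with one, and a pre-filter that flags unsafe keys in parsed JSON. The function names, the blocked-key list and the sample input are assumptions constructed for illustration.

```javascript
// Added example: generic copy pattern, NOT fastest-json-copy's code.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Unguarded pattern: plain assignment sends a "__proto__" key to the
// prototype setter instead of creating an ordinary own property.
function naiveCopy(src) {
  if (src === null || typeof src !== 'object') return src;
  const out = Array.isArray(src) ? [] : {};
  for (const key of Object.keys(src)) out[key] = naiveCopy(src[key]);
  return out;
}

// Hardened pattern: drop keys that reach the prototype chain. Trade-off:
// legitimate data stored under these names is dropped as well.
function safeCopy(src) {
  if (src === null || typeof src !== 'object') return src;
  const out = Array.isArray(src) ? [] : {};
  for (const key of Object.keys(src)) {
    if (UNSAFE_KEYS.has(key)) continue;
    out[key] = safeCopy(src[key]);
  }
  return out;
}

// Pre-filter for callers who cannot replace the library: list the paths
// of unsafe keys so the input can be rejected before it is copied.
function findUnsafeKeys(value, path = '$') {
  if (value === null || typeof value !== 'object') return [];
  const hits = [];
  for (const key of Object.keys(value)) {
    const here = `${path}.${key}`;
    if (UNSAFE_KEYS.has(key)) hits.push(here);
    hits.push(...findUnsafeKeys(value[key], here));
  }
  return hits;
}

// Constructed sample input (not taken from the advisory).
const sample = JSON.parse('{"name":"bob","__proto__":{"isAdmin":true}}');

function demo() {
  const bad = naiveCopy(sample);
  return {
    naiveInherited: bad.isAdmin,       // inherited via replaced prototype
    naiveOwnKeys: Object.keys(bad),    // the injected key is not listed
    safeInherited: safeCopy(sample).isAdmin,
    flagged: findUnsafeKeys(sample),
  };
}
```

In the unguarded copy the injected property is visible on the result but absent from its own keys, which is why checks based on `Object.keys` or `JSON.stringify` of the output miss it.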

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                  Affected versions  Patched versions
fastest-json-copy (npm)  <= 1.0.1

Affected products

2

Patches

0

No patches discovered yet.

References

4
