Conversation

@alokemajumder alokemajumder (Collaborator) commented Dec 5, 2025

Summary

  • Add two new detection patterns to middleware based on analysis of public PoC exploits
  • then_pollution: Detects Object.prototype.then pollution attempts
  • prefix_injection: Detects _prefix property injection in payloads

Changes

Only src/middleware/detector.ts modified - added 2 new pattern definitions.

Test plan

  • All 122 existing tests pass
  • New patterns verified manually
  • Build succeeds

Summary by CodeRabbit

Release Notes

  • New Features
    • Enhanced security detection with two new patterns covering Object.prototype.then pollution and property injection attempts marked as high-severity threats.


Add two new detection patterns based on analysis of public PoC exploits:

- then_pollution: Detects Object.prototype.then pollution attempts
- prefix_injection: Detects _prefix property injection in payloads

These patterns strengthen runtime protection against CVE-2025-55182
exploit techniques documented in recent security research.
@coderabbitai coderabbitai bot commented Dec 5, 2025

Walkthrough

Two new exploit pattern entries were added to the detector's EXPLOIT_PATTERNS constant to identify Object.prototype.then pollution and _prefix property injection attempts, extending detection coverage for CVE-2025-55182 exploitation techniques.

Changes

Cohort / File(s): Exploit pattern additions (src/middleware/detector.ts)
Summary: Added then_pollution pattern to detect Object.prototype.then pollution attempts (high severity). Added prefix_injection pattern to detect _prefix property injection attempts (high severity).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

  • Verify pattern regex expressions are correctly formatted and syntactically valid
  • Confirm severity levels and descriptions are appropriate for each exploit type

Poem

🐰 Hop, hop, pollution's caught!
Two new patterns sought,
Then and prefix, threats of naught,
Security gaps are fought!
✨🛡️

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Description Check: Passed. Check skipped - CodeRabbit's high-level summary is enabled.
Title check: Passed. The title clearly and specifically describes the main change: adding enhanced exploit detection patterns for a specific CVE vulnerability.
Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8c180f8 and 0727def.

📒 Files selected for processing (1)
  • src/middleware/detector.ts (1 hunks)

Comment on lines +32 to +38
// Object.prototype.then pollution (CVE-2025-55182 exploit technique)
{
name: 'then_pollution',
pattern: /prototype\s*\.\s*then|\.then\s*=/i,
severity: 'high' as const,
description: 'Object.prototype.then pollution attempt',
},

⚠️ Potential issue | 🟠 Major

Overly broad pattern may cause false positives.

The second alternation \.then\s*= will match any assignment to a .then property, not just prototype pollution. For example, promise.then = someFunc or obj.then = value would trigger this pattern even though they're not prototype pollution attempts.

Consider making the pattern more specific to actual prototype pollution vectors:

   {
     name: 'then_pollution',
-    pattern: /prototype\s*\.\s*then|\.then\s*=/i,
+    pattern: /(Object|constructor)\s*\.\s*prototype\s*\.\s*then|__proto__\s*\.\s*then|\[\s*["']__proto__["']\s*\]\s*\.\s*then/i,
     severity: 'high' as const,
     description: 'Object.prototype.then pollution attempt',
   },
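Review bot: the replacement on the `+` line still only matches JavaScript source syntax (`prototype.then`, `__proto__.then`, bracketed `__proto__`), while the research summary quoted later in this thread says the Flight payload carries a form-field marker of the shape "$1:proto:then", which contains none of those substrings; so neither the original nor the suggested regex fires on the wire form the detector is meant to catch. Consider adding an alternation for the `:proto:then` marker and a test that feeds a Flight-style payload rather than a JS snippet, so the rule is exercised on the input the middleware actually sees.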

This revised pattern targets:

  • Object.prototype.then or constructor.prototype.then
  • __proto__.then
  • ["__proto__"].then (bracket notation)
🤖 Prompt for AI Agents
In src/middleware/detector.ts around lines 32 to 38, the current regex
/\.then\s*=/ is overly broad and flags any assignment to a .then property (false
positives); narrow the pattern to match real prototype-pollution vectors only by
targeting explicit prototype paths such as Object.prototype.then,
<someIdentifier>.constructor.prototype.then, __proto__.then and bracket notation
like ["__proto__"].then or ['__proto__'].then; replace the alternation with a
regex that matches these forms (e.g. patterns for \bObject\.prototype\.then\b,
\b[A-Za-z_$][A-Za-z0-9_$]*\.constructor\.prototype\.then\b, __proto__ (dot)
then, and bracketed "__proto__" access) while preserving case-insensitivity and
keeping severity/description the same.

Comment on lines +32 to +45
// Object.prototype.then pollution (CVE-2025-55182 exploit technique)
{
name: 'then_pollution',
pattern: /prototype\s*\.\s*then|\.then\s*=/i,
severity: 'high' as const,
description: 'Object.prototype.then pollution attempt',
},
// _prefix property injection (CVE-2025-55182 exploit technique)
{
name: 'prefix_injection',
pattern: /"_prefix"\s*:/i,
severity: 'high' as const,
description: 'Potential _prefix property injection',
},

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

CVE-2025-55182 React Server Components exploitation

💡 Result:

Short summary — CVE-2025-55182 is a critical (CVSS 10.0) unauthenticated remote‑code‑execution vulnerability in the React Server Components (RSC) "Flight" handling. An attacker can send a crafted HTTP RSC payload to vulnerable servers and achieve RCE without authentication. Immediate patching is required. [1][2][3]

Key facts

  • Affected packages/versions: react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack in React 19.0.0, 19.1.0, 19.1.1, 19.2.0 (varies by package). Also impacts many Next.js 15/16 releases and some canary builds. [1][4][5]
  • Exploitation: requires only a crafted HTTP request targeting the RSC/server‑function endpoint; proof‑of‑concept exploits and weaponization reports exist and some vendors report active exploitation. [2][6]
  • Patched releases: React RSC patched versions include 19.0.1, 19.1.2, 19.2.1 (upgrade to the appropriate patched line). Next.js patched releases are listed in vendor advisories — upgrade Next.js to the fixed versions. [1][4]

Immediate actions (recommended)

  1. Patch now — upgrade react-server-dom-* to the patched versions (19.0.1 / 19.1.2 / 19.2.1) and upgrade Next.js to the vendor‑recommended fixed releases. Test and deploy ASAP. [1][4]
  2. If you cannot patch immediately, apply WAF rules / emergency vendor mitigations (Cloudflare, Akamai, Vercel, etc.) and restrict access to server‑function endpoints (IP allow‑lists, internal only). Audit builds, images, CI artifacts, and dependency trees for vulnerable packages. [2][3][6]
  3. Hunt for indicators: review logs for unexpected POSTs to RSC endpoints, spawned processes, or anomalous command execution; rotate credentials and isolate compromised hosts if exploitation is detected. [2][5]

References
[1] React team advisory: Critical security vulnerability in React Server Components (Dec 3, 2025).
[2] Wiz research advisory: technical details and PoC reliability.
[3] Kaspersky blog post on CVE-2025-55182.
[4] GitHub Advisory / GitHub Advisory DB entry for the RSC RCE.
[5] CSA (Singapore) alert on the vulnerability.
[6] Multiple vendor advisories / news reports noting active exploitation and mitigation guidance.

If you want, I can: (A) check a specific project (package.json / lockfile) for vulnerable react-server-dom versions, or (B) fetch the exact Next.js versions you must upgrade from/to for your environment. Which would you prefer?


🏁 Script executed:

#!/bin/bash
# Search for test files covering these patterns
find . -type f \( -name "*test*" -o -name "*spec*" \) \( -name "*.ts" -o -name "*.js" \) | head -20

# Search for references to these patterns in tests
rg -i "then_pollution|prefix_injection" --type ts --type js

# Locate detector.ts (fd takes the name as a positional pattern and -t/--type for the type filter; -name is a find flag)
fd --type f detector.ts

Repository: gensecaihq/react2shell-scanner

Length of output: 783


🏁 Script executed:

#!/bin/bash
# Check middleware test file for these pattern tests
rg "then_pollution|prefix_injection" test/unit/middleware.test.ts -A 5 -B 2

# View the detector.ts file to understand implementation
cat src/middleware/detector.ts

Repository: gensecaihq/react2shell-scanner

Length of output: 5839


🌐 Web query:

CVE-2025-55182 "then pollution" "prototype.then" RSC Flight exploitation technique

💡 Result:

Short summary — what "then pollution" / "prototype.then" is and how it was used against CVE-2025-55182 (React RSC Flight):

  • CVE-2025-55182 is a critical RCE in React Server Components (the RSC “Flight” protocol) caused by unsafe deserialization of Flight payloads; it lets attacker-controlled payload fields steer server-side execution. Patch committed to check hasOwnProperty for exported names. [1][2]

  • The exploitation technique dubbed "then pollution" (or prototype.then abuse) abuses JavaScript's prototype/then semantics during deserialization: an attacker injects a property named "then" (and specially crafted form-field markers like "$1:proto:then") so that the deserializer ends up setting a then handler on the prototype chain. That causes the runtime to treat crafted objects as Promise-like and invoke attacker-controlled functions (e.g., via constructor/constructor or other gadgets), enabling execution of native Node APIs (child_process.execSync, etc.) on the server. Datadog and several research write-ups show example payloads and a working PoC that uses "$1:proto:then" and "$1:constructor:constructor" to reach execSync. [3][1]

  • Why the fix works: the upstream patch changes module export lookup to only return own properties (hasOwnProperty.call(moduleExports, name)), preventing lookup of polluted prototype properties like prototype.then from resolving to privileged exports. Upgrading to the patched React/Next.js releases is the recommended mitigation. [1][2][3]

Key references (read for payloads and walk‑throughs):

  • React/Next.js advisories and analysis (summary + fixes). [2][4]
  • Datadog Security Labs analysis with the PoC-style payload showing "$1:proto:then" and constructor abuse. [3]
  • Vendor/research coverage (Wiz, Qualys, etc.) summarizing impact and mitigation. [2][5]

If you want, I can:

  • paste the Datadog payload example and walk through each step, or
  • scan your codebase/deps for vulnerable react-server packages and give exact upgrade commands.

🌐 Web query:

CVE-2025-55182 "_prefix" property injection React Server Components

💡 Result:

Short answer: Yes — CVE-2025-55182’s exploit chain abuses a crafted _response object (including a controlled _prefix) so the RSC deserializer ends up calling response._formData.get(response._prefix + id), which can be used to invoke the Function constructor and achieve RCE. Patch immediately. [1][2][3]

Details & references:

  • React official advisory: critical RCE in React Server Components; upgrade to the patched releases. [1]
  • Independent research / PoC analysis showing attack uses a fake chunk with _response._prefix and _formData.get and the $B handler that does response._formData.get(response._prefix + id). (exploit chain and code excerpts). [2]
  • Telemetry/analysis showing in‑the‑wild scanning and payloads that set _response._prefix to attacker-controlled code. [3]

Action: upgrade react-server-dom-webpack / -parcel / -turbopack to the patched versions (19.0.1, 19.1.2, 19.2.1 or later) and update affected frameworks (Next.js patched releases) immediately; if you cannot patch, block/limit Server Function endpoints and apply WAF rules. See React advisory and national CERT advisories for recommended versions and mitigation steps. [1][4][5]

Sources:
[1] React team advisory (Dec 3, 2025).
[2] CVE-2025-55182 research / PoC (GitHub).
[3] Datadog Security Labs analysis (exploit telemetry).
[4] NVD entry for CVE-2025-55182.
[5] Canadian Cyber Centre / other national advisories.


🏁 Script executed:

#!/bin/bash
# Check the middleware test file for coverage of these patterns
head -200 test/unit/middleware.test.ts

Repository: gensecaihq/react2shell-scanner

Length of output: 6565


🏁 Script executed:

#!/bin/bash
# Search for any tests that might test detector patterns
rg -i "detectExploitPatterns|then_pollution|prefix_injection" test/unit/middleware.test.ts -A 3 -B 1

Repository: gensecaihq/react2shell-scanner

Length of output: 2285


Add tests for then_pollution and prefix_injection patterns.

The test suite has comprehensive coverage for most exploit patterns but lacks explicit tests for the two CVE-2025-55182-specific patterns. Add test cases for then_pollution and prefix_injection to match the existing test coverage for other patterns:

it('should detect then pollution attempts', () => {
  const payload = 'Object.prototype.then = function() {}';
  const result = detectExploitPatterns(payload);

  expect(result.detected).toBe(true);
  expect(result.patterns).toContain('then_pollution');
  expect(result.severity).toBe('high');
});

it('should detect _prefix injection', () => {
  const payload = '{"_prefix": "malicious"}';
  const result = detectExploitPatterns(payload);

  expect(result.detected).toBe(true);
  expect(result.patterns).toContain('prefix_injection');
  expect(result.severity).toBe('high');
});
🤖 Prompt for AI Agents
In src/middleware/detector.ts around lines 32 to 45, tests are missing for the
two CVE-2025-55182 patterns (then_pollution and prefix_injection); add two unit
tests alongside the existing pattern tests that feed a payload containing
"Object.prototype.then = function() {}" and '{"_prefix":"malicious"}'
respectively, call detectExploitPatterns(payload), assert result.detected ===
true, assert result.patterns contains 'then_pollution' / 'prefix_injection', and
assert result.severity === 'high' so the new regexes are covered the same way as
the other exploit patterns.

Comment on lines +39 to +45
// _prefix property injection (CVE-2025-55182 exploit technique)
{
name: 'prefix_injection',
pattern: /"_prefix"\s*:/i,
severity: 'high' as const,
description: 'Potential _prefix property injection',
},

⚠️ Potential issue | 🟠 Major

Pattern may be bypassed with different quote styles.

The pattern only matches "_prefix" with double quotes. Attackers could bypass this by using:

  • Single quotes: '_prefix':
  • No quotes (JavaScript object literal): _prefix:
  • Escaped quotes: \"_prefix\":

Consider a more flexible pattern:

   {
     name: 'prefix_injection',
-    pattern: /"_prefix"\s*:/i,
+    pattern: /["']?_prefix["']?\s*:/i,
     severity: 'high' as const,
     description: 'Potential _prefix property injection',
   },
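Review bot: making both quotes optional on the `+` line removes the only anchoring the original regex had, so any key that merely ends in `_prefix` (a JSON field such as `"url_prefix":`) now trips a high-severity rule; add a boundary such as `(^|[^\w$])` before the optional opening quote. The escaped-quote case listed above as a bypass is also still not matched by the suggested regex, because the backslash sits between `_prefix` and the closing quote where `["']?\s*:` expects a quote or colon; an optional `\\?` before each quote covers it without pre-processing.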

This matches _prefix with optional quotes. If escaped quote scenarios are possible, you may need a more sophisticated pattern or pre-processing.

🤖 Prompt for AI Agents
In src/middleware/detector.ts around lines 39 to 45, the current pattern only
matches "_prefix" with double quotes and can be bypassed with single quotes, no
quotes, or escaped quotes; replace the regex with one that accepts optional
surrounding quotes (single or double), allows escaped quote characters, and
still requires the colon and optional whitespace afterwards (or alternatively
unescape input before matching), and update the severity/description unchanged.
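A small scoring harness, added here and not part of the PR or the react2shell-scanner project, that runs the original and review-suggested regexes from both comments above against constructed, labelled payloads (the review's own test strings, the false-positive and bypass variants it cites, and the "$1:proto:then" Flight marker from the research summary). It goes beyond the review in one place: PREFIX_BOUNDED is my own boundary-anchored variant, and the detector's aggregation logic is not reproduced.

```typescript
// Added example, not code from the PR or the react2shell-scanner project.
// The four regexes below are copied from the PR and the review comments; the
// harness, the labelled samples and PREFIX_BOUNDED are constructed here.
interface Pattern { name: string; pattern: RegExp }
interface Sample { payload: string; malicious: boolean }
interface Score { tp: number; fp: number; fn: number }

export const THEN_ORIGINAL: Pattern = { name: 'then_original', pattern: /prototype\s*\.\s*then|\.then\s*=/i };
export const THEN_SUGGESTED: Pattern = {
  name: 'then_suggested',
  pattern: /(Object|constructor)\s*\.\s*prototype\s*\.\s*then|__proto__\s*\.\s*then|\[\s*["']__proto__["']\s*\]\s*\.\s*then/i,
};
export const PREFIX_ORIGINAL: Pattern = { name: 'prefix_original', pattern: /"_prefix"\s*:/i };
export const PREFIX_SUGGESTED: Pattern = { name: 'prefix_suggested', pattern: /["']?_prefix["']?\s*:/i };
// Constructed alternative (not from the review): require start of input or a
// non-identifier character before the key, and allow a backslash before either quote.
export const PREFIX_BOUNDED: Pattern = {
  name: 'prefix_bounded',
  pattern: /(^|[^\w$])\\?["']?_prefix\\?["']?\s*:/i,
};

// Constructed samples; "malicious" is the analyst's label, not a regex result.
export const THEN_SAMPLES: Sample[] = [
  { payload: 'Object.prototype.then = function() {}', malicious: true }, // payload from the review's proposed test
  { payload: 'promise.then = someFunc', malicious: false },              // false positive cited in the review
  { payload: 'obj["__proto__"].then = fn', malicious: true },            // bracket-notation form listed in the review
  { payload: '$1:proto:then', malicious: true },                         // Flight form-field marker quoted in the research summary
];
export const PREFIX_SAMPLES: Sample[] = [
  { payload: '{"_prefix": "malicious"}', malicious: true }, // payload from the review's proposed test
  { payload: "{'_prefix': 'x'}", malicious: true },         // single-quote variant cited in the review
  { payload: '{"url_prefix": "/api"}', malicious: false },  // benign key that merely ends in _prefix
  { payload: '\\"_prefix\\":', malicious: true },           // escaped-quote variant cited in the review
];

// Hit on a malicious payload: true positive; hit on a benign one: false positive; silent malicious one: miss.
export function score(p: Pattern, samples: Sample[]): Score {
  const s: Score = { tp: 0, fp: 0, fn: 0 };
  for (const { payload, malicious } of samples) {
    const hit = p.pattern.test(payload); // no /g flag, so test() keeps no lastIndex state
    if (hit && malicious) s.tp++;
    else if (hit) s.fp++;
    else if (malicious) s.fn++;
  }
  return s;
}

// One-line summary per pattern, e.g. "then_original: tp=2 fp=1 fn=1".
export function summarize(p: Pattern, samples: Sample[]): string {
  const { tp, fp, fn } = score(p, samples);
  return `${p.name}: tp=${tp} fp=${fp} fn=${fn}`;
}

const runs: [Pattern, Sample[]][] = [[THEN_ORIGINAL, THEN_SAMPLES], [THEN_SUGGESTED, THEN_SAMPLES],
  [PREFIX_ORIGINAL, PREFIX_SAMPLES], [PREFIX_SUGGESTED, PREFIX_SAMPLES], [PREFIX_BOUNDED, PREFIX_SAMPLES]];
for (const [p, samples] of runs) console.log(summarize(p, samples));
```

Both then_pollution variants miss the Flight marker sample, which is the gap a wire-format test would expose.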

@gensecai-dev gensecai-dev merged commit 203c986 into main Dec 5, 2025
10 checks passed