<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>@Prompty/Core - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/@prompty/core/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 17 Jul 2026 19:54:50 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/@prompty/core/feed.xml" rel="self" type="application/rss+xml"/><item><title>Arbitrary Code Execution via JavaScript Frontmatter in Prompty TypeScript Loader</title><link>https://feed.craftedsignal.io/briefs/2026-07-arbitrary-code-execution-prompty/</link><pubDate>Fri, 17 Jul 2026 19:54:50 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-arbitrary-code-execution-prompty/</guid><description>A high-severity vulnerability, CVE-2026-53597, in the Prompty TypeScript loader (`@prompty/core`) versions `&gt;= 2.0.0-alpha.1 &lt; 2.0.0-beta.3` allows arbitrary JavaScript code execution in the host Node.js process when parsing untrusted `.prompty` files due to improper handling of `gray-matter`'s executable frontmatter engines.</description><content:encoded><![CDATA[<p>A critical vulnerability, tracked as CVE-2026-53597, affects the Prompty TypeScript loader, specifically the <code>@prompty/core</code> npm package in versions <code>&gt;= 2.0.0-alpha.1</code> up to but not including <code>2.0.0-beta.3</code>. The vulnerability stems from the library's use of <code>gray-matter</code> for parsing frontmatter in <code>.prompty</code> files without properly disabling or overriding executable frontmatter engines. <code>gray-matter</code>, by default, supports and evaluates JavaScript frontmatter blocks, indicated by <code>---js</code>. This oversight allows an attacker to craft a malicious <code>.prompty</code> file containing arbitrary JavaScript code within such a block. When an application loads and parses this untrusted file, the embedded JavaScript is executed in the context of the host Node.js process, leading to arbitrary code execution. This poses a significant risk to applications that process user-provided or untrusted <code>.prompty</code> files, prompt paths, or prompt bundles.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a malicious <code>.prompty</code> file containing a <code>---js</code> frontmatter block.</li>
<li>Within this JavaScript frontmatter block, the attacker embeds arbitrary JavaScript code designed to achieve their objective (e.g., remote code execution, data exfiltration).</li>
<li>The attacker delivers this malicious <code>.prompty</code> file to a victim organization, potentially through social engineering or by placing it in an accessible repository.</li>
<li>A victim application, utilizing the vulnerable <code>@prompty/core</code> package (versions <code>&gt;= 2.0.0-alpha.1 &lt; 2.0.0-beta.3</code>), loads or processes the untrusted <code>.prompty</code> file.</li>
<li>During the parsing process, <code>@prompty/core</code> invokes the <code>gray-matter</code> library to extract and process the file's frontmatter.</li>
<li>As <code>@prompty/core</code> does not override <code>gray-matter</code>'s default behavior, the <code>---js</code> frontmatter engine is activated and the embedded JavaScript code is evaluated.</li>
<li>The attacker's arbitrary JavaScript payload executes with the permissions of the Node.js process running the victim application.</li>
<li>This leads to arbitrary code execution on the host system, potentially enabling system compromise, data theft, or further lateral movement within the network.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Applications that load untrusted <code>.prompty</code> files or prompt bundles from less-trusted locations are susceptible to arbitrary JavaScript execution. If exploited, an attacker could execute arbitrary code within the host Node.js process, potentially leading to full system compromise, data exfiltration, or disruption of service. This can result in significant financial, reputational, and operational damage, depending on the privileges and sensitive data accessible by the compromised Node.js application. While specific victim counts are not available, any organization deploying applications using the vulnerable <code>@prompty/core</code> versions that handle untrusted inputs is at risk.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade the <code>@prompty/core</code> package to version <code>2.0.0-beta.3</code> or later immediately to remediate the CVE-2026-53597 vulnerability.</li>
<li>Ensure that application environments are configured to prevent the execution of untrusted code, even if a parsing vulnerability exists.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>arbitrary-code-execution</category><category>supply-chain</category><category>vulnerability</category><category>nodejs</category><category>typescript</category></item></channel></rss>