cross-pollinationlisted

# Cross-Pollination -- Multiplying Findings ## When to Use After confirming a vulnerability in package-A, use this technique to find the same vulnerable pattern in packages B through Z. One finding can multiply into 5-20 findings. ## The Multiplier Effect | Starting Finding | Pattern | Typical Yield | |-----------------|---------|--------------| | Entity expansion in XML parser A | All XML parsers with no entity limit | 3-8 findings | | Zip Slip in archive lib A | All archive extraction libs | 2-5 findings | | Proto pollution in merge lib A | All deep merge/clone libs | 5-10 findings | | ReDoS in validator A | All validators using same regex pattern | 3-7 findings | | Code injection in schema validator A | All schema validators with code gen | 2-5 findings | | Recursion DoS in serializer A | All recursive serializers | 5-15 findings | | Method clobbering in parser A | All parsers creating objects from input | 3-8 findings | ## Process ### Step 1: Confirm the Original Finding Before cross-pollinating, ensure the original finding is confirmed: - PoC works - fp-check passes - Submitted or ready to submit ### Step 2: Extract the Vulnerable Pattern Identify the core vulnerable code pattern as a regex: ``` # Example: recursive function without depth limit Pattern: function\s+\w+\(.*\)\s*\{.*\w+\( (self-call without depth check) # Example: new Function with template literal Pattern: new\s+Function\s*\(.*\$\{ # Example: path.join without startsWith check Pattern: path\.j