mkdirp is vulnerable to prototype pollution #4638
Comments
The issue is version pinning to exactly Even though Please update the dependency to (preferably) 1.x, minimally to
This is now considered a high severity vulnerability. CVE score: Critical 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7598
+1
please prioritize this because it's breaking our builds, thanks
PM2 4.3.0 published:
npm install pm2@latest -g
pm2 update
What's going wrong?
npm audit reports a low severity vulnerability in the mkdirp version used by pm2.
How could we reproduce this issue?
Supporting information
The vulnerable package is also a dev dependency (of mocha).