Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk: High Severity] prototype pollution (Due: 08/16/2020) #3919

Closed
2 tasks
Tracked by #137
jason-upchurch opened this issue Jul 17, 2020 · 0 comments · Fixed by #3922
Closed
2 tasks
Tracked by #137

[Snyk: High Severity] prototype pollution (Due: 08/16/2020) #3919

jason-upchurch opened this issue Jul 17, 2020 · 0 comments · Fixed by #3922
Assignees
@jason-upchurch
Labels
Security: high Remediate within 30 days
Milestone
Sprint 13.1

Comments

@jason-upchurch
Copy link
Contributor

jason-upchurch commented Jul 17, 2020
edited

Summary

Snyk reports high-severity vulnerability:

Prototype Pollution [High Severity][https://snyk.io/vuln/SNYK-JS-AJV-584908] in ajv@6.10.2 

introduced by 

request@2.88.0 > har-validator@5.1.3 > ajv@6.10.2

This issue was fixed in versions: 6.12.3

Technical considerations:
@jason-upchurch jason-upchurch added the Security: high Remediate within 30 days label Jul 17, 2020
@jason-upchurch jason-upchurch added this to the Sprint 13.2 milestone Jul 17, 2020
@jason-upchurch jason-upchurch changed the title [Synk: High Severity] prototype pollution in har-validator (Due: 8/27/2020) [Synk: High Severity] prototype pollution (Due: 8/27/2020) Jul 17, 2020
@jason-upchurch jason-upchurch changed the title [Synk: High Severity] prototype pollution (Due: 8/27/2020) [Synk: High Severity] prototype pollution (Due: 08/27/2020) Jul 17, 2020
@jason-upchurch jason-upchurch changed the title [Synk: High Severity] prototype pollution (Due: 08/27/2020) [Snyk: High Severity] prototype pollution (Due: 08/27/2020) Jul 17, 2020
@JonellaCulmer JonellaCulmer changed the title [Snyk: High Severity] prototype pollution (Due: 08/27/2020) [Snyk: High Severity] prototype pollution (Due: 08/17/2020) Jul 17, 2020
@jason-upchurch jason-upchurch changed the title [Snyk: High Severity] prototype pollution (Due: 08/17/2020) [Snyk: High Severity] prototype pollution (Due: 08/16/2020) Jul 17, 2020
@jason-upchurch jason-upchurch self-assigned this Jul 17, 2020
@jason-upchurch jason-upchurch mentioned this issue Jul 17, 2020
Merged
6 tasks
@patphongs patphongs mentioned this issue Feb 29, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jason-upchurch jason-upchurch

Labels
Security: high Remediate within 30 days
Projects
None yet
Milestone
Sprint 13.1
Development

Successfully merging a pull request may close this issue.

add ajv to package.json fecgov/fec-cms
2 participants
@JonellaCulmer @jason-upchurch