[SNYK: Low]: [minimist- Prototype Pollution] [6/21/2022] #5098

cnlucas · 2022-04-06T16:23:17Z

minimist is a parse argument options module.

Affected versions of this package are vulnerable to Prototype Pollution due to a missing handler to Function.prototype. Note: this is a bypass to CVE-2020-7598
https://app.snyk.io/org/fecgov/project/d0baf872-87d8-4d68-80a5-cb52a6d0f57b#issue-SNYK-JS-MINIMIST-2429795

Introduced through: openfec@1.0.0 › swagger-tools@0.10.4 › multer@1.4.4 › mkdirp@0.5.5 › minimist@1.2.5

Completion Criteria
-[ ] minimist updated to 1.2.6

cnlucas added Security: low Remediate within 90 days Security: general General security concern or issue labels Apr 6, 2022

This was referenced Apr 6, 2022

Check logs Sprint 17.6 week 2(04/06/2022) #5087

Closed

Check logs Innovation sprint 17 week 1 #5095

Closed

This was referenced Apr 20, 2022

Check logs Innovation sprint 17 week 2 #5100

Closed

Check logs Innovation sprint 17 week 3 #5096

Closed

This was referenced May 4, 2022

Check logs sprint 18.1 week 1 #5112

Closed

Check logs sprint 18.1 week 2 #5113

Closed

pkfec added this to the Sprint 18.2 milestone May 12, 2022

JonellaCulmer assigned cnlucas May 17, 2022

cnlucas mentioned this issue May 18, 2022

Check logs sprint 18.2 week 1 #5130

Closed

This was referenced May 25, 2022

Check logs sprint 18.2 week 2 #5131

Closed

5098-Snyk upgrade minimist #5149

Merged

fec-jli closed this as completed in #5149 May 27, 2022

patphongs mentioned this issue Feb 29, 2024

Epic: Stability and reliability fecgov/fec-epics#137

Open

Provide feedback