🚨 Potential Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321) #577
Comments
|
Do we have any updates on this? |
|
Hey Team, do we have any updates here please?? |
|
Happy to review a PR - I don’t have bandwidth to do any more right now.
… On Jul 30, 2021, at 12:49 PM, Sourav Kumar ***@***.***> wrote:
Hey Team, do we have any updates here please??
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#577 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABNSMS2TDHOLKI4BCAMCOOTT2L62ZANCNFSM44O5C3KQ>.
|
|
Hey @crobinson42 , I understand your concern but once could you validate the bug please. It's a prototype pollution vulnerability and I found two of them in js-data, JS-data is being used in other repos which might be also vulnerable due to this. |
4 tasks
|
Hey all it's been 8 months and a CVE was published now . Is there a chance that #579 will fix the vulnerability? |
|
@crobinson42 Could you review PR #579 to see if that would fix it please? |
|
v3.0.11 published https://www.npmjs.com/package/js-data |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
👋 Hello, @jmdobry, @crobinson42, @stalniy - a potential high severity Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321) vulnerability in your repository has been disclosed to us.
Next Steps
1️⃣ Visit https://huntr.dev/bounties/4-other-js-data/js-data for more advisory information.
2️⃣ Sign-up to validate or speak to the researcher for more assistance.
3️⃣ Propose a patch or outsource it to our community - whoever fixes it gets paid.
Confused or need more help?
Join us on our Discord and a member of our team will be happy to help! 🤗
Speak to a member of our team: @JamieSlome
This issue was automatically generated by huntr.dev - a bug bounty board for securing open source code.
The text was updated successfully, but these errors were encountered: