New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🚨 Potential Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
#577
Comments
|
Do we have any updates on this? |
|
Hey Team, do we have any updates here please?? |
|
Happy to review a PR - I don’t have bandwidth to do any more right now.
… On Jul 30, 2021, at 12:49 PM, Sourav Kumar ***@***.***> wrote:
Hey Team, do we have any updates here please??
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#577 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABNSMS2TDHOLKI4BCAMCOOTT2L62ZANCNFSM44O5C3KQ>.
|
|
Hey @crobinson42 , I understand your concern but once could you validate the bug please. It's a prototype pollution vulnerability and I found two of them in js-data, JS-data is being used in other repos which might be also vulnerable due to this. |
|
Hey all it's been 8 months and a CVE was published now . Is there a chance that #579 will fix the vulnerability? |
|
@crobinson42 Could you review PR #579 to see if that would fix it please? |
|
v3.0.11 published https://www.npmjs.com/package/js-data |
Next Steps
Confused or need more help?
Join us on our Discord and a member of our team will be happy to help!🤗
Speak to a member of our team: @JamieSlome
This issue was automatically generated by huntr.dev - a bug bounty board for securing open source code.
The text was updated successfully, but these errors were encountered: