-
Notifications
You must be signed in to change notification settings - Fork 139
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🚨 Potential Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321) #577
Comments
Do we have any updates on this? |
Hey Team, do we have any updates here please?? |
Happy to review a PR - I don’t have bandwidth to do any more right now.
… On Jul 30, 2021, at 12:49 PM, Sourav Kumar ***@***.***> wrote:
Hey Team, do we have any updates here please??
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#577 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABNSMS2TDHOLKI4BCAMCOOTT2L62ZANCNFSM44O5C3KQ>.
|
Hey @crobinson42 , I understand your concern but once could you validate the bug please. It's a prototype pollution vulnerability and I found two of them in js-data, JS-data is being used in other repos which might be also vulnerable due to this. |
Hey all it's been 8 months and a CVE was published now . Is there a chance that #579 will fix the vulnerability? |
@crobinson42 Could you review PR #579 to see if that would fix it please? |
v3.0.11 published https://www.npmjs.com/package/js-data |
👋 Hello, @jmdobry, @crobinson42, @stalniy - a potential high severity Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321) vulnerability in your repository has been disclosed to us.
Next Steps
1️⃣ Visit https://huntr.dev/bounties/4-other-js-data/js-data for more advisory information.
2️⃣ Sign-up to validate or speak to the researcher for more assistance.
3️⃣ Propose a patch or outsource it to our community - whoever fixes it gets paid.
Confused or need more help?
Join us on our Discord and a member of our team will be happy to help! 🤗
Speak to a member of our team: @JamieSlome
This issue was automatically generated by huntr.dev - a bug bounty board for securing open source code.
The text was updated successfully, but these errors were encountered: