Vulnerability due to usage of lodash.clonedeep:4.5.0 #67

Open
Mohammad-sabbagh opened this issue Nov 15, 2020 · 0 comments
Mohammad-sabbagh commented Nov 15, 2020

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via `__proto__`, causing the addition or modification of an existing property that will exist on all objects.

details https://ossindex.sonatype.org/vuln/12e63c9c-b3f9-42d3-8541-dca1b72cad69
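
An added example, not part of the original issue and not lodash's code: a self-cleaning regression probe for the `__proto__` behaviour the advisory text describes, run against a constructed naive deep merge and a hardened one. The names `naiveMerge`, `safeMerge`, `pollutesPrototype` and the marker string are assumptions made for illustration.

```javascript
// Added example; naiveMerge is a constructed stand-in, not lodash's source.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const isObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Unsafe pattern: target['__proto__'] resolves to Object.prototype, so the
// recursion ends up writing attacker-chosen keys onto the shared prototype.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isObject(source[key]) && isObject(target[key])) {
      naiveMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened form: skip prototype-reaching keys and only recurse into
// properties the target owns itself.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isObject(value) && hasOwn(target, key) && isObject(target[key])) {
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Regression probe: hands fn(target, source) a constructed payload and
// reports whether a fresh object inherits the marker afterwards.
function pollutesPrototype(fn) {
  const marker = 'probe_marker_constructed'; // constructed sample name
  const payload = JSON.parse(`{"__proto__": {"${marker}": true}}`);
  try {
    fn({}, payload);
    return ({})[marker] === true;
  } finally {
    delete Object.prototype[marker]; // leave the runtime clean either way
  }
}

console.log('naiveMerge pollutes:', pollutesPrototype(naiveMerge));
console.log('safeMerge pollutes: ', pollutesPrototype(safeMerge));
```

The probe accepts any two-argument function, so a thin wrapper around the function a project actually imports can be checked the same way in a test suite.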
