Prototype Pollution Vulnerability in "json8-merge-patch" #113
Comments
Yes please, email in my profile. |
|
Never mind, I could reproduce - working on a fix. |
|
Thanks for the quick response and fix. But the issue is still reproducible. Sent a mail with POC(how to reproduce) and opened an issue in HackerOne as well. |
|
Oops sorry about that I went too fast. Fixed in Thank you for the report. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Prototype Pollution:
This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior, which may allow obtaining sensitive information/DoS/RCE.
If required I can submit a POC through a secured channel. Thanks.
The text was updated successfully, but these errors were encountered: