fix: Avoid iterating over prototype properties #437

Merged
merged 1 commit into from Oct 11, 2022

@karfau karfau commented Oct 11, 2022

by adding `hasOwnProperty` checks.

#436

@karfau karfau marked this pull request as draft October 11, 2022 02:48
@karfau karfau marked this pull request as ready for review October 11, 2022 03:02
@karfau karfau merged commit 6956ec4 into master Oct 11, 2022
18 checks passed
@karfau karfau deleted the avoid-in branch October 11, 2022 03:02
@karfau karfau added this to the 0.9.0 milestone Oct 11, 2022
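
An added example, not code from this pull request or from xmldom, of the pattern the PR title describes: a `for...in` loop also visits enumerable properties inherited through the prototype chain, and a `hasOwnProperty` check restricts it to the object's own keys. The helper names `copyUnguarded`, `copyGuarded` and `demo` and the sample objects are hypothetical and constructed for illustration.

```javascript
'use strict';

// Hypothetical copy helper without a guard: for...in walks the whole
// prototype chain, so inherited enumerable properties are copied too.
function copyUnguarded(src, dest) {
  for (var key in src) {
    dest[key] = src[key];
  }
  return dest;
}

// Same helper with the guard. Calling Object.prototype.hasOwnProperty
// through .call() also works when src has no prototype or defines its
// own "hasOwnProperty" key, where src.hasOwnProperty(key) would fail.
function copyGuarded(src, dest) {
  for (var key in src) {
    if (Object.prototype.hasOwnProperty.call(src, key)) {
      dest[key] = src[key];
    }
  }
  return dest;
}

// Constructed sample input: an options object whose prototype carries an
// extra enumerable property, standing in for a modified prototype chain.
function demo() {
  var inherited = { injected: 'from prototype' };
  var options = Object.create(inherited);
  options.encoding = 'utf-8';
  options.strict = true;

  // Edge case: an object with a null prototype has no hasOwnProperty method.
  var bare = Object.create(null);
  bare.a = 1;

  return {
    unguarded: Object.keys(copyUnguarded(options, {})).sort(),
    guarded: Object.keys(copyGuarded(options, {})).sort(),
    nullProto: Object.keys(copyGuarded(bare, {})),
  };
}

console.log(demo());
```
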
chrisvariety added a commit to thoughtindustries/saml2 that referenced this pull request Oct 13, 2022
bbyars added a commit to bbyars/mountebank that referenced this pull request Oct 16, 2022
mfulton26 added a commit to mfulton26/expo-cli that referenced this pull request Oct 19, 2022
[Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom · CVE-2022-37616 · GitHub Advisory Database](GHSA-9pgh-qqpf-7wqj)

`@xmldom/xmldom` has already been patched:

[fix: Avoid iterating over prototype properties by karfau · Pull Request expo#437 · xmldom/xmldom](xmldom/xmldom#437)

newer versions exist but this is the latest patch version and there shouldn't be any breaking changes

`yarn build` and `yarn test`
EvanBacon pushed a commit to expo/expo-cli that referenced this pull request Oct 28, 2022
[Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom · CVE-2022-37616 · GitHub Advisory Database](GHSA-9pgh-qqpf-7wqj)

`@xmldom/xmldom` has already been patched:

[fix: Avoid iterating over prototype properties by karfau · Pull Request #437 · xmldom/xmldom](xmldom/xmldom#437)

newer versions exist but this is the latest patch version and there shouldn't be any breaking changes

`yarn build` and `yarn test`