[GHSA-xvch-5gv4-984h] Prototype Pollution in minimist

[ljharb]

Updates

• Affected products
• Description
• References

Comments
Published a backport.

[shelbyc]

Good morning @ljharb, thanks for letting us know what's going on with the backport to 0.2.4. I changed the description and want to know if this is still accurate:

Minimist prior to 1.2.6 and 0.2.4 is vulnerable to Prototype Pollution via file `index.js`, function `setKey()` (lines 69-95).

As an aside, if you or other maintainers want the CVE description to be updated, MITRE is the CVE numbering authority for CVE-2021-44906 and update requests can be sent to https://cveform.mitre.org/ .

[advisory-database]

Hi @ljharb! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!

[ljharb]

@shelbyc yes, that's still accurate, thanks