Skip to content
/ nestjs-config-lodash.set-vuln Public

Repository to demonstrate that the @nestjs/config has a vulnerable dependency

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

shaunek/nestjs-config-lodash.set-vuln

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

nestjs-config-lodash.set-vuln

Repository to demonstrate that the @nestjs/config has a vulnerable dependency

Snyk vulnerability bulletin: https://security.snyk.io/vuln/SNYK-JS-LODASHSET-1320032 Original HackerOne report for the lodash package: https://hackerone.com/reports/864701

Instructions to replicate vulnerability:

  • Install dependecies with npm install
    • Note that the only dependency is the @nestjs/config package
  • Run index.js with node index.js
  • Results show that the lodash.set package contains the Prototype Pollution vulnerability

About

Repository to demonstrate that the @nestjs/config has a vulnerable dependency

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages