Fix prototype pollution vulnerabilities #342

kessiler
Contributor

Fix CVE-2020-7637

Better description:
https://nvd.nist.gov/vuln/detail/CVE-2020-7637

While this PR is not merged in the upstream, feel free to use the direct commit hash.

Or kessiler@526bc64

@beeman

beeman commented May 2, 2020

@NoNameProvided could you consider merging in this fix? GitHub repos are complaining about it, it would be great if it could be fixed! 🙏

I think #341 is related but this PR seems more complete as it has a unit test.

@kessiler
Contributor Author

kessiler commented May 7, 2020

@AeroNotix what else should we do to get this merged?

@AeroNotix

I have no idea, I just clicked approve because I approve. I don't have access to merge anything. I just want it merged, just like you.

@tbrannam

tbrannam commented May 8, 2020

@MichalLytek any chance this is on your radar?

@MichalLytek

@tbrannam not at all ☹️

@saulotoledo saulotoledo mentioned this pull request May 13, 2020
@cristianbriscaru

Hi, I am having the same issue. Any news as to when the PR is going to be merged?

@tbrannam

tbrannam commented Jun 6, 2020

@pleerock @NoNameProvided can this issue be resolved? Or is this project officially abandoned?

@tbrannam

tbrannam commented Jul 20, 2020

@tbrannam not at all ☹️

@MichalLytek As a member of 'typestack' organization - are you able to inquire with the other members regarding this patch and/or repository?

@longtomjr

@tbrannam not at all ☹️

As a member of 'typestack' organization - are you able to inquire with the other members regarding this patch and/or repository?

#338 (comment)

@jotamorais
Member

@kessiler as @saulotoledo mentioned above, your commits were updated through #367, as build/tests were failing after the migration to use jest/eslint.

Since it's now merged, I'm closing this PR.

Thank you for your contribution!

@jotamorais jotamorais closed this Jul 20, 2020
@github-actions

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 20, 2020