Skip to content

Vulnerability in "minimist" found in package-lock.json #75

New issue
New issue
Open
Open
Vulnerability in "minimist" found in package-lock.json#75
@schubon

Description

@schubon
schubon
opened on Apr 14, 2020

Details

CVE-2020-7598

high severity
Vulnerable versions: < 0.2.1
Patched version: 0.2.1

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload.

Remediation

Upgrade minimist to version 0.2.1 or later. For example:

"dependencies": {
  "minimist": ">=0.2.1"
}

or…

"devDependencies": {
  "minimist": ">=0.2.1"
}

Always verify the validity and compatibility of suggestions with your codebase.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions