Remediate High Set-value vulnerability #660

Open
Lilalamar opened this issue Dec 17, 2019 · 0 comments
Labels
security Ticket concerns platform security

Comments

@Lilalamar

Snyk reports the following High severity vulnerability in HumanCellAtlas/ingest-validator-js. Please remediate by the end of Q1 Milestone 1.

Description

set-value

Suggested Remediation

Upgrade set-value to version 2.0.1, 3.0.1 or higher.

Details

set-value is a package that creates nested values and any intermediaries using dot notation ('a.b.c') paths. Affected versions of this package are vulnerable to Prototype Pollution. The function set-value could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads.

@Lilalamar Lilalamar added the security Ticket concerns platform security label Dec 17, 2019
@Lilalamar Lilalamar added this to the Q1 2020 Milestone 1 milestone Dec 17, 2019
@MightyAx MightyAx removed their assignment Dec 20, 2019
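
The prototype-pollution pattern described in the issue, shown as an added example that is not part of the original issue and is not set-value's own code. `naiveSet`, `safeSet`, `isContainer` and `demo` are hypothetical names, and the paths use the JavaScript `__proto__` key alongside `constructor` and `prototype`.

```javascript
// Added illustration: a minimal dot-path setter, NOT the set-value source.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isContainer = (v) =>
  v !== null && (typeof v === 'object' || typeof v === 'function');

// Vulnerable pattern: descends through every path segment without checking it,
// so inherited properties such as __proto__ are followed like ordinary keys.
function naiveSet(target, path, value) {
  const keys = path.split('.');
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (!isContainer(node[key])) node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Hardened pattern: reject dangerous segments and only descend into own properties.
function safeSet(target, path, value) {
  const keys = path.split('.');
  const bad = keys.find((k) => BLOCKED_KEYS.has(k));
  if (bad !== undefined) throw new Error(`refusing path segment "${bad}"`);
  let node = target;
  for (const key of keys.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || !isContainer(node[key])) node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Runs constructed sample paths through a setter and reports whether a fresh
// object picked up an inherited "polluted" property.
function demo(setter) {
  const results = {};
  for (const path of ['a.b.c', '__proto__.polluted', 'constructor.prototype.polluted']) {
    try {
      setter({}, path, true);
      results[path] = ({}).polluted === true ? 'polluted' : 'ok';
    } catch (err) {
      results[path] = 'rejected';
    } finally {
      delete Object.prototype.polluted; // undo the side effect before the next path
    }
  }
  return results;
}

console.log('naive:', demo(naiveSet));
console.log('safe: ', demo(safeSet));
```

A guard like this is a stopgap for code you own; for the dependency itself, the remediation in the issue (upgrading set-value) is the fix.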