Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2021-44906 #937

Closed
romainmenke opened this issue Mar 21, 2022 · 1 comment · Fixed by #931
Closed

CVE-2021-44906 #937

romainmenke opened this issue Mar 21, 2022 · 1 comment · Fixed by #931

Comments

@romainmenke
Copy link

GHSA-xvch-5gv4-984h

Severity: high
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist
  json5  1.0.0-beta - 2.2.0
  Depends on vulnerable versions of minimist
  node_modules/loader-utils/node_modules/json5
    loader-utils  1.2.0 - 1.4.0
    Depends on vulnerable versions of json5

This was fixed in version 2 of json5 :

https://github.com/json5/json5

But not in version 1.


This might be resolved by updating loader-utils as it has no dependencies.

https://github.com/webpack/loader-utils/blob/master/package.json#L6

@romainmenke
Copy link
Author

Thank you for shipping this so quickly!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
1 participant