protractor > optimist > minimist Prototype Pollution
Bug report
- Node Version: v13.10.1
- Protractor Version: 5.4.3
- Angular Version: 9.1.0
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimist │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.2.1 <1.0.0 || >=1.2.3 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ protractor [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ protractor > optimist > minimist │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1179 │
└───────────────┴──────────────────────────────────────────────────────────────┘
optimist is deprecated–maybe update to yargs?
Issue Analytics
- State:
- Created 3 years ago
- Reactions: 16
- Comments: 5 (3 by maintainers)
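A lockfile check for the advisory quoted in the issue above, as an added example that is not part of the original issue or the Protractor project: it walks the nested `dependencies` tree of an npm lockfile (v1 layout assumed) and lists minimist entries outside the patched range `>=0.2.1 <1.0.0 || >=1.2.3`. The function names and the sample lockfile are constructed for illustration, and pre-release suffixes are ignored.

```javascript
// Added example: flag minimist entries in an npm lockfile (v1 "dependencies" tree)
// that fall outside the advisory's patched range: >=0.2.1 <1.0.0 || >=1.2.3.

// Compare two [major, minor, patch] triples; returns negative, 0 or positive.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Parse "x.y.z"; pre-release/build suffixes are ignored (simplifying assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when the version satisfies ">=0.2.1 <1.0.0 || >=1.2.3".
function isPatchedMinimist(version) {
  const v = parseVersion(version);
  const in0x = cmp(v, [0, 2, 1]) >= 0 && cmp(v, [1, 0, 0]) < 0;
  return in0x || cmp(v, [1, 2, 3]) >= 0;
}

// Walk nested "dependencies" objects and collect unpatched minimist entries.
function findUnpatchedMinimist(lock, trail = []) {
  const hits = [];
  for (const [name, info] of Object.entries(lock.dependencies || {})) {
    const here = [...trail, name];
    if (name === "minimist" && !isPatchedMinimist(info.version)) {
      hits.push({ location: here.join(" > "), version: info.version });
    }
    hits.push(...findUnpatchedMinimist(info, here));
  }
  return hits;
}

// Constructed sample lockfile fragment (optimist/minimist versions are illustrative).
const sampleLock = {
  dependencies: {
    protractor: { version: "5.4.3", dependencies: {
      optimist: { version: "0.6.1", dependencies: {
        minimist: { version: "0.0.10" } } } } },
    minimist: { version: "1.2.5" },
  },
};

console.log(findUnpatchedMinimist(sampleLock));
```

The reported location is where the entry sits in the lockfile tree, which can differ from the logical path `npm audit` prints when npm hoists a dependency.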
Top GitHub Comments
@alan-agius4 @kyliau: Considering the value of this patch, I would suggest issuing a new release.
What do you think?
This could be relevant for many projects. Among the updates, if anyone would like to review it, I would kindly ask if we could try to include: https://github.com/angular/protractor/pull/5421
cc @cnishina @sjelin @sjelin
The change has been completed by @alan-agius4 although it still hasn’t been merged in. Is there any estimate on when these changes will be merged and released?