Minimist vulnerability CVE-2021-44906
Please bump tsconfig-paths dependencies. minimist <=v1.2.5 brings in a security vulnerability which affects all packages that depend on tsconfig-paths, including the json5 package also used in this package. json5 already addresses this minimist issue in their latest version v2.2.1.

As for minimist itself, based on discussion here a migration to an alternative package or other up-to-date fork may be needed.
Issue Analytics
- State:
- Created a year ago
- Reactions: 7
- Comments: 5 (1 by maintainers)
Top Results From Across the Web
Prototype Pollution in minimist | CVE-2021-44906 | Snyk
This vulnerability is a bypass to CVE-2020-7598. The reason for the different CVSS between CVE-2021-44906 to CVE-2020-7598, is that CVE-2020- ...

CVE-2021-44906 Detail - NVD
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). Severity.

Prototype Pollution in minimist · CVE-2021-44906 - GitHub
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

Vulnerability Details : CVE-2021-44906
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). Publish Date : 2022-03-17 Last Update Date ...

CVE-2021-44906 Prototype Pollution in minimist
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). I don't know how ...
Top GitHub Comments
@F3n67u it seems that the issue did not actually get fixed by #197. Upon checking npm ls json5, the tsconfig-paths@3.14.1 is still depending on json5@1.0.1.

minimist has released a new version to address the security issue. So I guess the only thing left to do is just bumping the minimist version in tsconfig-paths to v1.2.6.
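
The check the comments above do by hand with npm ls, as an added example (not code from the issue or from any of the projects named): it walks the JSON tree printed by `npm ls --all --json` and lists every dependency chain that ends in a minimist version at or below 1.2.5, the affected range quoted on this page. The sample tree and the minimist versions placed in it are constructed for illustration.

```javascript
// Added example, not code from tsconfig-paths, json5 or minimist.
// Threshold from the page: minimist <= 1.2.5 is affected, 1.2.6 is the fixed release.
const LAST_AFFECTED = [1, 2, 5];

// Parse "1.2.5" into [1, 2, 5]; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version <= 1.2.5. Missing or unparseable versions are reported
// as affected so that they get looked at by a person.
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true;
  for (let i = 0; i < 3; i++) {
    if (p[i] !== LAST_AFFECTED[i]) return p[i] < LAST_AFFECTED[i];
  }
  return true; // exactly 1.2.5
}

// Walk the tree produced by `npm ls --all --json` and collect every
// dependency chain that ends in an affected copy of `target`.
function findAffected(tree, target = "minimist") {
  const hits = [];
  const walk = (node, chain) => {
    for (const [name, dep] of Object.entries(node.dependencies || {})) {
      const here = [...chain, `${name}@${dep.version}`];
      if (name === target && isAffected(dep.version)) hits.push(here.join(" > "));
      walk(dep, here);
    }
  };
  walk(tree, [`${tree.name}@${tree.version}`]);
  return hits;
}

// Constructed sample shaped like `npm ls --all --json` output.
// "my-app" and both minimist versions are assumptions, not values from the page.
const sampleTree = {
  name: "my-app", version: "1.0.0",
  dependencies: {
    "tsconfig-paths": { version: "3.14.1", dependencies: {
      json5: { version: "1.0.1", dependencies: { minimist: { version: "1.2.5" } } },
      minimist: { version: "1.2.6" },
    } },
  },
};

console.log(findAffected(sampleTree));
```

Against a real project, pass the parsed output of `npm ls --all --json` to `findAffected` in place of `sampleTree`; a chain that still lists an affected copy after a bump shows which intermediate package is pinning it.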