
Minimist vulnerability CVE-2021-44906


Please bump tsconfig-paths dependencies.

minimist <=v1.2.5 brings in a security vulnerability which affects all packages that depend on tsconfig-paths, including the json5 package also used in this package.

json5 already addresses this minimist issue in their latest version v2.2.1. As for minimist itself, based on discussion here a migration to an alternative package or other up-to-date fork may be needed.

Issue Analytics

  • State: closed
  • Created a year ago
  • Reactions: 7
  • Comments: 5 (1 by maintainers)

Top GitHub Comments

2 reactions
lightzane commented, Apr 28, 2022

@F3n67u it seems that the issue did not actually get fixed by #197. Upon checking npm ls json5, tsconfig-paths@3.14.1 is still depending on json5@1.0.1

2 reactions
IronGeek commented, Mar 22, 2022

minimist has released a new version to address the security issue. So I guess the only thing left to do is just bumping the minimist version in tsconfig-paths to v1.2.6

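The npm ls check mentioned in the comments can be automated. The following is an added example, not code from the issue or from tsconfig-paths: it walks a tree in the shape printed by `npm ls --all --json` and lists every dependency path that ends in minimist <= 1.2.5. The project name and the nested minimist versions in `sampleTree` are constructed for illustration.

```javascript
// Highest affected version according to the advisory text quoted on this page.
const VULNERABLE_MAX = '1.2.5';

// Compare plain x.y.z versions numerically, so 1.10.0 > 1.2.5.
// Assumption: pre-release suffixes (e.g. "-beta.1") are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the nested "dependencies" objects and collect the full path
// (root > parent > ... > minimist@x.y.z) of every affected copy.
function findVulnerableMinimist(tree) {
  const hits = [];
  (function walk(node, path) {
    for (const [name, dep] of Object.entries(node.dependencies || {})) {
      const here = path.concat(`${name}@${dep.version}`);
      const affected = name === 'minimist' && dep.version &&
        compareVersions(dep.version, VULNERABLE_MAX) <= 0;
      if (affected) hits.push(here.join(' > '));
      walk(dep, here); // nested copies can differ from hoisted ones
    }
  })(tree, [`${tree.name}@${tree.version}`]);
  return hits;
}

// Constructed sample in the shape of `npm ls --all --json` output.
const sampleTree = {
  name: 'example-app',
  version: '1.0.0',
  dependencies: {
    'tsconfig-paths': {
      version: '3.14.1',
      dependencies: {
        json5: { version: '1.0.1', dependencies: { minimist: { version: '1.2.5' } } },
        minimist: { version: '1.2.6' },
      },
    },
  },
};

console.log(findVulnerableMinimist(sampleTree));
```

Reporting the full path shows which parent package has to be bumped or overridden, which is what the json5@1.0.1 observation in the comment above comes down to.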

Top Results From Across the Web

Prototype Pollution in minimist | CVE-2021-44906 | Snyk
This vulnerability is a bypass to CVE-2020-7598. The reason for the different CVSS between CVE-2021-44906 to CVE-2020-7598, is that CVE-2020- ...

CVE-2021-44906 Detail - NVD
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). Severity.

Prototype Pollution in minimist · CVE-2021-44906 - GitHub
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

Vulnerability Details : CVE-2021-44906
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). Publish Date : 2022-03-17 Last Update Date ...

CVE-2021-44906 Prototype Pollution in minimist
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). I don't know how ...
