High severity security vulnerability in dot-prop
Seeing the following:
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Prototype Pollution
Package dot-prop
Patched in >=5.1.1
Dependency of gatsby
Path gatsby > devcert > configstore > dot-prop
More info https://npmjs.com/advisories/1213
High Prototype Pollution
Package dot-prop
Patched in >=5.1.1
Dependency of gatsby
Path gatsby > gatsby-cli > update-notifier > configstore >
dot-prop
More info https://npmjs.com/advisories/1213
How do we go about getting dot-prop updated for these components of gatsby?
Issue Analytics
- State:
- Created 3 years ago
- Reactions:7
- Comments:17 (6 by maintainers)
Top GitHub Comments
gatsbybot got a little hasty there, still needs devcert to be patched
Fixing this is important & urgent.