Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Vulnerability detected: `set-value`
See original GitHub issueDescription
There is a vulnerable lib set-value: 2.0.0 with high severity, which is used by as transitive dependency of jest-extended.
The dependency tree is:
jest-extended -> expect -> jest-message-util -> micromatch -> snapdragon -> base-> cache-base -> set-value
Potential fix
As the transitive dependency is deep, I would update the version of expect and expect it’s gone.
Issue Analytics
- State:
- Created 2 years ago
- Reactions:2
- Comments:7 (3 by maintainers)
Top Results From Across the Web
Prototype Pollution in set-value | CVE-2021-23440 | Snyk
set-value is a package that creates nested values and any intermediaries using dot notation ('a.b.c') paths. Affected versions of this package ...
Read more >Prototype Pollution vulnerability found in set-value - Huntr.dev
set-value package is vulnerable to Prototype Pollution. The set function fails to validate which Object properties it updates.
Read more >Can vulnerable items be stopped from being created...
If you want to restrict the vulnerable items, you have to restrict the detections to be created in first place.
Read more >security vulnerability found in apex application — oracle-tech
This is a persistent (stored) XSS vulnerability, detected in an alert ... Yes value 12947391.126637 is valid , but they used to set...
Read more >set-value up to 4.0.0 Parameter path type confusion - VulDB
A vulnerability was found in set-value up to 4.0.0 and classified as critical. This issue affects some unknown processing of the component Parameter...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
After #333 lands we’ll make a new major release
https://github.com/jest-community/jest-extended/releases/tag/v1.0.0