npm audit reports a Prototype Pollution
Hello, "npm audit" reports a "Prototype Pollution" issue due to your "lodash" < 4.17.5 dependency. Would you mind checking?
$ npm audit
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ quasar-cli [dev]                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ quasar-cli > ouch > lodash                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 13536 scanned packages
1 vulnerability requires manual review. See the full report for details.
Many thanks
Cheers, Francesco
Issue Analytics
- State:
- Created 5 years ago
- Comments:5 (4 by maintainers)
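An added example (not part of the original issue or the project's code): a Node.js script that walks an npm v1 `package-lock.json` tree and reports every package whose `lodash` requirement resolves to an installed copy older than the patched 4.17.5 named in the audit report. The lock data, the `ouch` and `quasar-cli` version numbers and the function names are constructed for illustration.

```javascript
// Compare plain x.y.z versions numerically; returns <0, 0 or >0.
// Assumption: no pre-release or build suffixes.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk a lockfileVersion 1 tree. For every package that requires `pkg`,
// resolve it the way Node does (nearest enclosing node_modules first) and
// report it when the installed copy is older than `patched`.
function findVulnerableRequires(lock, pkg, patched) {
  const findings = [];
  const walk = (node, chain) => {
    for (const [name, dep] of Object.entries(node.dependencies || {})) {
      const here = [...chain, { name, node: dep }];
      if (dep.requires && pkg in dep.requires) {
        const scopes = [...here.map((c) => c.node).reverse(), lock];
        const owner = scopes.find((s) => s.dependencies && s.dependencies[pkg]);
        const installed = owner ? owner.dependencies[pkg].version : null;
        if (installed && compareVersions(installed, patched) < 0) {
          findings.push({ requiredBy: here.map((c) => c.name).join(' > '), installed });
        }
      }
      walk(dep, here);
    }
  };
  walk(lock, []);
  return findings;
}

// Constructed lock data (versions are sample values, not from the issue).
const sampleLock = {
  dependencies: {
    lodash: { version: '4.17.10' }, // hoisted, patched copy
    ouch: {
      version: '1.0.0',
      requires: { lodash: '4.17.4' },
      dependencies: { lodash: { version: '4.17.4' } }, // nested, older copy
    },
    'quasar-cli': { version: '1.0.0', requires: { lodash: '^4.17.10', ouch: '1.0.0' } },
  },
};

console.log(findVulnerableRequires(sampleLock, 'lodash', '4.17.5'));
```

The numeric comparison matters: compared as strings, '4.17.10' would sort below '4.17.5' and the patched hoisted copy would be flagged by mistake.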
@harishanchu thank you, sir. Please let me know if you need any further information or help
@fansanelli @ssuess Sorry, I didn't get time to look into this. I will work on it this weekend.