This repository has been archived by the owner on Jul 22, 2022. It is now read-only.
Jszip audit issue #348
Comments
goodyhkim
added a commit
to goodyhkim/excel4node
that referenced
this issue
Feb 17, 2022
natergj#348 Prototype Pollution - GHSA-jg8v-48h5-wgxg
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Describe the bug
jszip (which this has a dep on for 3.2.1) have a prototype pollution vulnerability. Crafting a new zip file with filenames set to Object prototype values (e.g proto, toString, etc) results in a returned object with a modified prototype instance.
Upgrade to version 3.7.0 or later
To Reproduce
npm auditExpected behavior
No audit issues
Environment (please complete the following information):
Additional context
The text was updated successfully, but these errors were encountered: