arunbandari / mongo-gui

A web-based MongoDB graphical user interface
http://20.106.238.56:4321/
MIT License
290 stars 87 forks source link

Minimist <=1.2.5 is vulnerable to CVE-2021-44906 and should be upgraded to 1.2.6 #93

Open alexeiyarilovets opened 2 years ago

alexeiyarilovets commented 2 years ago

Minimist <=1.2.5 is vulnerable to CVE-2021-44906 that is critical

https://nvd.nist.gov/vuln/detail/CVE-2021-44906

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95)

Resolution: upgrarde minimist to 1.2.6