bower / bower

A package manager for the web
bower.io
MIT License

CVE-2020-7598 minimist improper input validation before version 1.2.2 #2584

Closed clepore closed 3 years ago

clepore commented 3 years ago

Per CVE-2020-7598:

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.

⚠️ Threat level: Medium
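Added example, not part of this issue and not bower's or minimist's own code: a hardened nested-key setter of the kind an argv parser uses for "--a.b=c", a naive setter for contrast, and a regression check a maintainer can run against any parser to confirm it leaves Object.prototype untouched. The names makeParser, safeSetKey, naiveSetKey, parserLeavesPrototypeClean and the gr_probe key are assumptions of this example.

```javascript
// Key segments that would walk out of the object being built into the prototype chain.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Naive setter (for contrast): follows whatever the path names, inherited
// properties included, so "__proto__" or "constructor.prototype" reaches Object.prototype.
function naiveSetKey(obj, path, value) {
  let o = obj;
  for (const seg of path.slice(0, -1)) o = o[seg] === undefined ? (o[seg] = {}) : o[seg];
  o[path[path.length - 1]] = value;
}

// Hardened setter: rejects prototype-chain segments and only descends into
// plain-object containers the target object itself owns.
function safeSetKey(obj, path, value) {
  if (path.some((seg) => FORBIDDEN_KEYS.has(seg))) {
    throw new Error(`refusing unsafe key path: ${path.join('.')}`);
  }
  let o = obj;
  for (const seg of path.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(o, seg);
    if (!own || typeof o[seg] !== 'object' || o[seg] === null) o[seg] = {};
    o = o[seg];
  }
  o[path[path.length - 1]] = value;
}

// Minimal "--key.sub=value" / "--flag" parser, parameterised on the setter.
function makeParser(setKey) {
  return (argv) => {
    const out = {};
    for (const arg of argv) {
      const m = /^--([^=]+)(?:=(.*))?$/.exec(arg);
      if (m) setKey(out, m[1].split('.'), m[2] === undefined ? true : m[2]);
    }
    return out;
  };
}

// Regression check: feed the parser the two payload shapes the CVE names
// (constructed probe arguments) and verify a fresh object inherited nothing.
function parserLeavesPrototypeClean(parse) {
  const probes = [['--__proto__.gr_probe=1'], ['--constructor.prototype.gr_probe=1']];
  let clean = true;
  for (const argv of probes) {
    try { parse(argv); } catch (e) { /* refusing the key outright is fine */ }
    if (({}).gr_probe !== undefined) clean = false;
    delete Object.prototype.gr_probe; // undo any pollution so later code is unaffected
  }
  return clean;
}
```

Run the check against the parser your project actually ships (here `makeParser(safeSetKey)`); a false result means a dotted argument reached Object.prototype.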

sheerun commented 3 years ago

Bower has for some time been using version 0.2.1, which is patched.