dominictarr / rc

The non-configurable configuration loader for lazy people.

Update deep-extend after vulnerability is fixed #110

Closed lc3t35 closed 6 years ago

lc3t35 commented 6 years ago

deep-extend is vulnerable to prototype pollution attacks (https://github.com/unclechu/node-deep-extend/issues/39). The vulnerability exists in the utility function where the prototype of Object can be overwritten to add or modify existing properties on all objects. Please update as soon as deep-extend is updated.

dominictarr commented 6 years ago

sure, let me know when this is fixed in deep-extend

schorfES commented 6 years ago

Hello, I've seen the vulnerability has been fixed in release v0.5.1.

dominictarr commented 6 years ago

fixed in rc@1.2.7
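
The class of flaw reported in this issue, shown as a minimal recursive merge beside a hardened variant. This is an added example, not code from deep-extend or rc; `naiveMerge`, `safeMerge`, `demo` and the sample JSON are constructed for illustration.

```javascript
// Added illustration; hypothetical helpers, not deep-extend's or rc's source.
function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable pattern: recurses into whatever target[key] resolves to.
// For the key "__proto__" that is Object.prototype, shared by every object.
function naiveMerge(target, source) {
  for (const key in source) {
    const val = source[key];
    if (isPlainObject(val) && isPlainObject(target[key])) {
      naiveMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened pattern: skip prototype-related keys and only recurse into
// properties the target itself owns.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const val = source[key];
    const owned = Object.prototype.hasOwnProperty.call(target, key);
    if (isPlainObject(val) && owned && isPlainObject(target[key])) {
      safeMerge(target[key], val);
    } else if (isPlainObject(val)) {
      target[key] = safeMerge({}, val); // copy instead of aliasing input
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Merge a constructed untrusted config and report whether an unrelated,
// freshly created object picked up the injected property.
function demo(merge) {
  const untrusted = JSON.parse('{"port": 8080, "__proto__": {"polluted": true}}');
  const config = merge({ port: 80 }, untrusted);
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted; // restore global state for later runs
  return { port: config.port, leaked };
}
```

`demo(naiveMerge)` reports the property leaking onto an unrelated object, while `demo(safeMerge)` merges `port` and leaves `Object.prototype` untouched.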