forcedotcom / kit

BSD 3-Clause "New" or "Revised" License

Prototype Pollution vulnerability affecting @salesforce/kit module, version 3.0.15 #307

Open mestrtee opened 7 months ago

mestrtee commented 7 months ago

Details of this report sent privately to security@salesforce.com

WillieRuemmele commented 6 months ago

Hi @mestrtee - thanks for reporting. Are you still seeing this behavior in the latest version, 3.1.0?

mestrtee commented 3 months ago

> Hi @mestrtee - thanks for reporting. Are you still seeing this behavior in the latest version, 3.1.0?

Thanks for updating this report. I have tested the versions > 3.1.0 to the latest and all are fixed. The versions <= 3.1.0 are vulnerable. Could you please proceed to assign a CVE for the vulnerable version? This will help in tracking the issue and ensuring that users are aware of the security update.

Thank you for your prompt action.