sonnyp / JSON8

JSON toolkit for JavaScript.
ISC License

Prototype Pollution Vulnerability in "json8-merge-patch" #113

Closed gkmr507 closed 4 years ago

gkmr507 commented 4 years ago

Prototype Pollution: This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior, which may allow obtaining sensitive information/DoS/RCE.

If required I can submit a POC through a secured channel. Thanks.

sonnyp commented 4 years ago

> If required I can submit a POC through a secured channel. Thanks.

Yes please, email in my profile.

sonnyp commented 4 years ago

Never mind, I could reproduce - working on a fix.

gkmr507 commented 4 years ago

Thanks for the quick response and fix. But the issue is still reproducible. Sent a mail with POC (how to reproduce) and opened an issue in HackerOne as well. Ref: https://hackerone.com/reports/980649

sonnyp commented 4 years ago

Oops, sorry about that, I went too fast.

Fixed in 1.0.3

Thank you for the report.
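
For readers of this thread, an added example (not json8-merge-patch's code and not the fix shipped in 1.0.3) of the kind of guard a JSON Merge Patch (RFC 7396) implementation needs against the prototype access described in the report. The names `safeApply` and `BLOCKED_KEYS` are hypothetical, and the sample patch is constructed.

```javascript
// Added example: RFC 7396 merge patch with prototype-pollution guards.
// safeApply and BLOCKED_KEYS are hypothetical names, not the library's API.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

function safeApply(target, patch) {
  // RFC 7396: a non-object patch replaces the target entirely.
  if (!isPlainObject(patch)) return patch;
  // RFC 7396: a non-object target is treated as an empty object.
  if (!isPlainObject(target)) target = {};
  for (const key of Object.keys(patch)) {
    // Refuse keys that resolve to the prototype chain instead of own data.
    if (BLOCKED_KEYS.has(key)) continue;
    const value = patch[key];
    if (value === null) {
      delete target[key]; // null means "remove this member"
      continue;
    }
    // Recurse only into own properties, so an inherited object
    // (for example a method on Object.prototype) is never merged into.
    const own = Object.prototype.hasOwnProperty.call(target, key);
    target[key] = safeApply(own ? target[key] : undefined, value);
  }
  return target;
}

// Constructed sample input. JSON.parse creates "__proto__" as an own key,
// which is how such a key can arrive inside a patch document.
function demo() {
  const patch = JSON.parse(
    '{"title":"new","__proto__":{"polluted":true},' +
    '"meta":{"constructor":{"prototype":{"polluted":true}},"tags":null}}'
  );
  const doc = safeApply({ title: "old", meta: { tags: ["a"], id: 7 } }, patch);
  // A fresh object shows whether Object.prototype was modified.
  return { doc, polluted: {}.polluted };
}
```
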