[Pkg-javascript-devel] Bug#941227: buster-pu: package node-set-value/0.4.0-1+deb10u1
Xavier Guimard
yadd at debian.org
Thu Sep 26 19:11:41 BST 2019
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org at packages.debian.org
Usertags: pu
Hi,
node-set-value is vulnerable to prototype pollution (#941189,
CVE-2019-10747). I imported and adapted upstream patch and added a test
inspired from CVE report [1]. I think this could be safely added to next
buster point release.
Cheers,
Xavier
[1]: https://snyk.io/vuln/SNYK-JS-SETVALUE-450213
More information about the Pkg-javascript-devel
mailing list