Описание
Grunt-karma vulnerable to prototype pollution
Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-37602
- https://github.com/karma-runner/grunt-karma/issues/311
- https://github.com/karma-runner/grunt-karma/blob/45b925964f55870f375c6e670d9945b223c984f5/tasks/grunt-karma.js#L109
- https://github.com/karma-runner/grunt-karma/blob/45b925964f55870f375c6e670d9945b223c984f5/tasks/grunt-karma.js#L26
Пакеты
Наименование
grunt-karma
npm
Затронутые версииВерсия исправления
<= 4.0.1
Отсутствует
Связанные уязвимости
CVSS3: 9.8
nvd
больше 3 лет назад
Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js.