Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

node-set-value is vulnerable to prototype pollution (#941189, CVE-2019-10747). I imported and adapted the upstream patch and added a test inspired by the CVE report [1].

I think this could be safely added to the next buster point release.

Cheers,
Xavier

[1]: https://snyk.io/vuln/SNYK-JS-SETVALUE-450213
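
A regression test of the kind the message describes, as an added example that is not part of the original message and is neither the upstream nor the Debian patch. `setUnguarded`, `setGuarded` and `pollutes` are hypothetical helpers, and the marker property is constructed for the test.

```javascript
'use strict';

// Hypothetical helpers for illustration; not set-value's code or the Debian patch.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Unguarded dotted-path setter: follows each segment even when it resolves to
// an inherited property, so "__proto__" walks into Object.prototype.
function setUnguarded(target, path, value) {
  const keys = path.split('.');
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (node[key] === null || typeof node[key] !== 'object') node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Guarded setter: refuses any path containing a prototype-related segment and
// only descends into properties the object itself owns.
function setGuarded(target, path, value) {
  const keys = path.split('.');
  if (keys.some((k) => BLOCKED.has(k))) return target; // drop the whole write
  let node = target;
  for (const key of keys.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || node[key] === null || typeof node[key] !== 'object') node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Regression check: true if a fresh, unrelated object inherits the marker
// after the setter is handed a "__proto__" path.
function pollutes(setter) {
  const marker = 'constructedMarker'; // constructed test value
  try {
    setter({}, '__proto__.' + marker, 'yes');
    return {}[marker] === 'yes';
  } finally {
    delete Object.prototype[marker]; // always restore the shared prototype
  }
}

console.log('unguarded pollutes:', pollutes(setUnguarded));
console.log('guarded pollutes:  ', pollutes(setGuarded));
```

A test like this belongs in the package's test suite so that a later refactor of the path-walking loop cannot silently reintroduce the flaw.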