Source: node-node-forge
Version: 0.9.1~dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 0.8.1~dfsg-1

Hi,

The following vulnerability was published for node-node-forge.

CVE-2020-7720[0]:
| The package node-forge before 0.10.0 is vulnerable to Prototype
| Pollution via the util.setPath function. Note: Version 0.10.0 is a
| breaking change removing the vulnerable functions.

As noted, the fix consists of removing the function as a whole, so it might break users of the module accordingly.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-7720
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7720
[1] https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
[2] https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756

Regards,
Salvatore
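
The bug class named in the report, shown as an added example that is not part of the original message and is not node-forge's code: a generic path setter that walks caller-supplied keys, next to a guarded variant. The names `setPathNaive`, `setPathSafe`, `BLOCKED_KEYS` and `demo`, and the sample input, are assumptions made for illustration.

```javascript
// Added illustration; these helpers are hypothetical, not node-forge source.

// Keys that resolve to the prototype chain rather than the object's own data.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Unchecked path setter: follows whatever cur[k] returns, inherited or not.
function setPathNaive(obj, keys, value) {
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    if (typeof cur[k] !== 'object' || cur[k] === null) cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Guarded variant: rejects blocked keys and descends only into own properties.
function setPathSafe(obj, keys, value) {
  if (!Array.isArray(keys) || keys.length === 0) {
    throw new TypeError('keys must be a non-empty array');
  }
  let cur = obj;
  keys.forEach((key, i) => {
    const k = String(key);
    if (BLOCKED_KEYS.has(k)) throw new Error('refusing unsafe path key: ' + k);
    if (i === keys.length - 1) { cur[k] = value; return; }
    const own = Object.prototype.hasOwnProperty.call(cur, k);
    if (!own || typeof cur[k] !== 'object' || cur[k] === null) {
      cur[k] = Object.create(null); // intermediate nodes carry no prototype
    }
    cur = cur[k];
  });
  return obj;
}

// Constructed input: a key path as it might arrive in untrusted JSON.
function demo() {
  const untrusted = JSON.parse('["__proto__", "isAdmin"]');
  setPathNaive({}, untrusted, true);
  const polluted = ({}).isAdmin === true; // unrelated objects now inherit it
  delete Object.prototype.isAdmin;        // restore the shared prototype
  let rejected = false;
  try { setPathSafe({}, untrusted, true); } catch (e) { rejected = true; }
  return { polluted, rejected, stillClean: ({}).isAdmin === undefined };
}
```

Code that depended on the removed function and replaces it with a local helper needs the key check in that helper, since upstream's fix removes the function rather than patching it.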