Le 26/07/2021 à 22:01, Yadd a écrit : > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > > Please unblock package node-jszip > > [ Reason ] > node-jszip is vulnerable to a prototype pollution: rafting a new zip file > with filenames set to Object prototype values (e.g __proto__, toString, > etc) results in a returned object with a modified prototype instance.
Ref: CVE-2021-23413