Package: release.debian.org Severity: normal Tags: buster User: release.debian....@packages.debian.org Usertags: pu
Hi, node-set-value is vulnerable to prototype pollution (#941189, CVE-2019-10747). I imported and adapted upstream patch and added a test inspired from CVE report [1]. I think this could be safely added to next buster point release. Cheers, Xavier [1]: https://snyk.io/vuln/SNYK-JS-SETVALUE-450213 -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
