GHSA-82jv-9wjw-pqh6: Prototype pollution in emit function

April 17, 2024

A prototype pollution in derby can crash the application, if the application author has atypical HTML templates that feed user input into an object key.

Attribute keys are almost always developer-controlled, not end-user-controlled, so this shouldn’t be an issue in practice for most applications.

References

github.com/advisories/GHSA-82jv-9wjw-pqh6
github.com/derbyjs/derby
github.com/derbyjs/derby/commit/24524e96f36976883c7c619811320428536bd4d0
github.com/derbyjs/derby/commit/465a0c2f6a77361eda4a09b77a8c94ba6a9da440
github.com/derbyjs/derby/security/advisories/GHSA-82jv-9wjw-pqh6

Code Behaviors & Features

Detect and mitigate GHSA-82jv-9wjw-pqh6 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →