CVE-2021-23413: Prototype Pollution

July 25, 2021 (updated August 27, 2021)

This affects the package jszip Crafting a new zip file with filenames set to Object prototype values (e.g proto, toString, etc) results in a returned object with a modified prototype instance.

References

nvd.nist.gov/vuln/detail/CVE-2021-23413

Code Behaviors & Features

Detect and mitigate CVE-2021-23413 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →