CVE-2020-28471: Object Prototype Pollution

July 19, 2022

Properties-Reader prior to version 2.2.0 is vulnerable to prototype pollution.

References

github.com/advisories/GHSA-jxvf-m3x5-mxwq
github.com/steveukx/properties/commit/0877cc871db9865f58dd9389ce99e61be05380a5
github.com/steveukx/properties/commit/4e4bc392ecfd0a128f48c1d69f64a0d7194fcaab
github.com/steveukx/properties/issues/40
security.snyk.io/vuln/SNYK-JS-PROPERTIESREADER-1048968

Code Behaviors & Features

Detect and mitigate CVE-2020-28471 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →