GMS-2019-46: Prototype Pollution

June 7, 2019 (updated February 25, 2021)

A vulnerability was found in querystringify It’s possible to override built-in properties of the resulting query string object if a malicious string is inserted in the query string.

References

github.com/advisories/GHSA-hxcm-v35h-mg2x
github.com/unshiftio/querystringify/commit/422eb4f6c7c28ee5f100dcc64177d3b68bb2b080
github.com/unshiftio/querystringify/pull/19

Code Behaviors & Features

Detect and mitigate GMS-2019-46 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →