Grunt-karma vulnerable to prototype pollution

Description

Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 4.0.1

References

• GHSA-hcj4-xf6x-63wj
• CVE-2022-37602
• CWE-1321
• CAPEC-310
• OWASP 2021-A6

Related Issues

• thlorenz browserify-shim vulnerable to prototype pollution - browserify-shim - GHSA-cfgr-75jx-h88g - CVE-2022-37623
• thlorenz browserify-shim vulnerable to prototype pollution - CVE-2022-37617
• thlorenz browserify-shim vulnerable to prototype pollution - browserify-shim - CVE-2022-37621
• Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks - CVE-2022-41879

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

grunt-karma