Prototype pollution in gsap

Description

There is a prototype pollution vulnerability in gsap which affects all versions before 3.6.0.

Recommendation

Update the gsap package to the latest compatible version. Followings are version details:

• Affected version(s): < 3.6.0
• Patched version(s): 3.6.0

References

• GHSA-6g8v-hpgw-h2v7
• snyk.io
• www.npmjs.com
• CVE-2020-28478
• CWE-400
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Prototype Pollution in systeminformation - CVE-2020-26245
• shvl vulnerable to prototype pollution - CVE-2020-28278
• Prototype Pollution in asciitable.js - CVE-2020-7771
• yargs-parser Vulnerable to Prototype Pollution - CVE-2020-7608

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

gsap