Prototype Pollution in mithril

Description

Affected versions of mithrilare vulnerable to prototype pollution. The function parseQueryString may allow a malicious user to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects.

Recommendation

Update the mithril package to the latest compatible version. Followings are version details:

• Affected version(s): **>= 2.0.0, < 2.0.2

  < 1.1.7**

• Patched version(s): **2.0.2

  1.1.7**

References

• GHSA-c3px-v9c7-m734
• www.npmjs.com
• CWE-1321

Related Issues

• DOMPurify USE_PROFILES prototype pollution allows event handlers - Vulnerability
• Prototype Pollution in node-forge util.setPath API - Vulnerability
• Prototype Pollution in lodash.mergewith - Vulnerability
• Prototype Pollution in lodash.mergewith - lodash.mergewith - Vulnerability

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

mithril