Description
Affected versions of mithrilare vulnerable to prototype pollution. The function parseQueryString may allow a malicious user to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects.
Recommendation
Update the mithril package to the latest compatible version. Followings are version details:
Affected version(s): **>= 2.0.0, < 2.0.2 < 1.1.7** Patched version(s): **2.0.2 1.1.7**
References
Related Issues
- @thi.ng/paths Prototype Pollution vulnerability - CVE-2024-29650
- tough-cookie Prototype Pollution vulnerability - CVE-2023-26136
- angular Prototype Pollution vulnerability - CVE-2019-10768
- @intlify/shared Prototype Pollution vulnerability - CVE-2024-52810
You might also like:
- Tags:
- npm
- mithril
Anything's wrong? Let us know Last updated on January 09, 2023


