Prototype Pollution in querystringify

Severity:: High

Description

A vulnerability was found in querystringify before 2.0.0. It’s possible to override built-in properties of the resulting query string object if a malicious string is inserted in the query string.

Recommendation

Update the querystringify package to the latest compatible version. Followings are version details:

Affected version(s): < 2.0.0
Patched version(s): 2.0.0

References

GHSA-hxcm-v35h-mg2x
CWE-1321

Related Issues

jquery-plugin-query-object contains prototype pollution vulnerability - CVE-2021-20083
matrix-js-sdk Prototype Pollution vulnerability - CVE-2022-36059
Prototype Pollution in lodash.defaultsdeep - Vulnerability
Prototype Pollution in json-logic-js - Vulnerability

Tags:: npm; querystringify

Anything's wrong? Let us know Last updated on November 29, 2023