Vulnerability in the async dependency
RakhimAimaganbetov opened this issue
We discussed the vulnerability that was scanned by npm audit here with the developer of the node-java library, which uses the async dependency. So, there is a vulnerability where a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. The JFrog vulnerability scan also picked this up with the info above.
The issue is in async before 2.6.4 and 3.x before 3.2.2.
Could you please publish a new release with this vulnerability fixed?
Thank you in advance!
This would be on the node-java project to update their dependency. The bug is already fixed here.
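
To check whether a project still resolves a copy of async in the range cited in the issue (before 2.6.4, and 3.x before 3.2.2), including copies nested under another package, the following scans the `packages` map of an npm lockfile. It is an added example, not code from the async or node-java projects; the lockfile contents are constructed, and the `java` directory name for node-java is an assumption.

```javascript
// Added example: flags async versions in the range the issue cites
// (before 2.6.4, and 3.x before 3.2.2) in an npm lockfile (v2/v3 "packages" map).
const FIXED = { 2: [2, 6, 4], 3: [3, 2, 2] }; // first fixed release per major line

function parseVersion(v) {
  // Compare major.minor.patch only; pre-release/build suffixes are ignored.
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1, 4).map(Number) : null;
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // equal versions
}

function isVulnerableAsync(version) {
  const v = parseVersion(version);
  if (!v) return true; // fail closed: unparseable versions need manual review
  if (v[0] < 2) return true; // "before 2.6.4" also covers 0.x and 1.x
  const fixed = FIXED[v[0]];
  return fixed ? lessThan(v, fixed) : false; // majors above 3 are outside the cited range
}

function findVulnerableAsync(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/java/node_modules/async".
    if (!path.endsWith("node_modules/async")) continue;
    if (isVulnerableAsync(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed lockfile fragment (package versions are illustrative only).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/java": { version: "0.0.0-placeholder" },
    "node_modules/java/node_modules/async": { version: "2.6.1" },
    "node_modules/async": { version: "3.2.2" },
    "node_modules/other/node_modules/async": { version: "3.1.0" },
  },
};
console.log(findVulnerableAsync(SAMPLE_LOCK));
```

A nested hit such as `node_modules/java/node_modules/async` means the parent package pins the old version, which matches the reply above: the fix has to come from that package updating its dependency.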