Security issue in object-path dependency

Question

Security issue in object-path dependency

santiago-perez-axa opened this issue 3 years ago · comments

Santiago Pérez Fernández commented 3 years ago

There is a critical security issue with the actual version of object-path dependency.

For more details check GHSA-8v63-cqqc-6r2c

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution in object-path                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ object-path                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ json-templates                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ json-templates > object-path                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-8v63-cqqc-6r2c            │
└───────────────┴──────────────────────────────────────────────────────────────┘

Santiago Pérez Fernández · Answer 1 · Mon Oct 11 2021 19:09:34 GMT+0800 (China Standard Time)

Hi @curran is it possible to have a version with this issue solved? I created the following PR #40