npm / ini

An ini parser/serializer in JavaScript

[BUG] Prototype Pollution [High Severity]

mattpilleul opened this issue 4 years ago · comments

Matthieu Pilleul commented 4 years ago

What / Why

High Severity security issue with ini@1.3.5

When

Whenever I launch a Snyk Dependencies Audit.

Current Behavior

Can't user bcrypt@5.0.0 with this current security issue.

Images

https://postimg.cc/vxRg3cHg | Snyk Audit
https://postimg.cc/Zvr9g4Cf | Yarn.lock

ExE Boss commented 4 years ago

This was fixed in v1.3.6 (56d2805).