Black Duck Error Report BDSA-2021-4505 RCE in mapObjIndexed
SenthilManickavel opened this issue
SenthilManickavel commented
Black Duck Vulnerability report
Ramda is vulnerable to a prototype pollution attack due to insufficient protections in the source/mapObjIndexed.js. A remote attacker may be able to execute arbitrary code, or cause a denial-of-service (DoS) by tricking the application into modifying or adding properties of Object.prototype.
Note: The vendor questions the validity of this vulnerability and has raised a dispute with Mitre here.
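To triage a report like this one, it helps to see exactly what a map-over-object helper does with a `__proto__` key from parsed JSON. The following is an added example, not part of the original issue and not Ramda's source: `naiveMapObj`, `safeMapObj` and `auditMapper` are hypothetical names, and the input is constructed.

```javascript
// Hypothetical helpers for illustration; not Ramda's implementation.

// Naive variant: plain assignment onto a {} accumulator.
function naiveMapObj(fn, obj) {
  const out = {};
  for (const key of Object.keys(obj)) {
    // When key === "__proto__", this invokes the inherited __proto__ setter
    // and replaces the prototype of `out` instead of creating a property.
    out[key] = fn(obj[key], key, obj);
  }
  return out;
}

// Hardened variant: defineProperty always creates an own data property,
// so "__proto__" is stored as ordinary data and the prototype is untouched.
function safeMapObj(fn, obj) {
  const out = {};
  for (const key of Object.keys(obj)) {
    Object.defineProperty(out, key, {
      value: fn(obj[key], key, obj),
      enumerable: true,
      writable: true,
      configurable: true,
    });
  }
  return out;
}

// Runs a mapper with the signature mapper(fn, obj) over untrusted-looking
// input and reports which objects, if any, had their prototype affected.
function auditMapper(mapper) {
  // Constructed input: JSON.parse makes "__proto__" an own enumerable key.
  const input = JSON.parse('{"a": 1, "__proto__": {"polluted": true}}');
  const result = mapper((value) => value, input);
  const hasOwn = Object.prototype.hasOwnProperty;
  return {
    // The returned object no longer inherits directly from Object.prototype.
    resultPrototypeReplaced: Object.getPrototypeOf(result) !== Object.prototype,
    // The returned object sees attacker-chosen data through inheritance.
    resultInheritsPolluted: !hasOwn.call(result, 'polluted') && result.polluted === true,
    // Every object in the process is affected (global pollution).
    globalPrototypePolluted: ({}).polluted !== undefined,
  };
}

console.log('naive:', auditMapper(naiveMapObj));
console.log('safe: ', auditMapper(safeMapObj));
```

The three flags separate a change confined to the returned object from a change to the shared `Object.prototype`. Any function that takes `(fn, obj)` can be passed to `auditMapper` for the same check.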