You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
backbone-query-parameters is vulnerable to prototype pollution (CVE-2021-20085). The readme indicates this package has been unmaintained going on six years, so I'm not opening this issue with the expectation that it will get fixed. I'm opening it to raise awareness since this was reported to npm, and they've indicated they're not going to publish a security advisory. If you're using this package, I think the only options to address this vulnerability are:
backbone-query-parameters is vulnerable to prototype pollution (CVE-2021-20085). The readme indicates this package has been unmaintained going on six years, so I'm not opening this issue with the expectation that it will get fixed. I'm opening it to raise awareness since this was reported to npm, and they've indicated they're not going to publish a security advisory. If you're using this package, I think the only options to address this vulnerability are:
References:
The text was updated successfully, but these errors were encountered: