GHSA-m56h-5xx3-2jc2: Prototype pollution in jsii.configureCategories
jsii is a TypeScript to JavaScript compiler that also extracts an interface definition manifest to generate RPC stubs in various programming languages. jsii is typically used as a command-line tool, but it can also be loaded as a library.
When jsii is loaded as a library into a larger application and untrusted user input is passed to the library (the affected code path is configureCategories), that input can pollute Object.prototype, and the injected properties then become visible on every object in the process. When jsii is used as a command-line tool, this pollution cannot occur. Applications that embed jsii should upgrade to a patched release (see the release tags in the references) and, as a general rule, should not forward untrusted input to library configuration functions.
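To make the vulnerability class concrete, the following is an added example and is not jsii's own configureCategories implementation. It uses a hypothetical "configure categories" helper that merges a caller-supplied category map into a settings object: the first version shows how a `__proto__` key in untrusted JSON lands on Object.prototype, the second version shows the usual hardening (own keys only, reserved names rejected, null-prototype targets). The JSON document is constructed for the demonstration.

```javascript
// Added illustration of the prototype-pollution class behind GHSA-m56h-5xx3-2jc2.
// This is NOT jsii's code: both functions below are hypothetical helpers that take a
// settings object and an untrusted map of "category name -> diagnostic level".

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Vulnerable pattern: recursive merge that assigns into whatever `target[key]` resolves to.
// For key "__proto__", `target["__proto__"]` is Object.prototype, so the nested merge
// writes the attacker's properties onto every object in the process.
function configureCategoriesVulnerable(target, overrides) {
  for (const key in overrides) {
    const value = overrides[key];
    if (value && typeof value === 'object') {
      if (typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      configureCategoriesVulnerable(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened pattern: iterate own keys only, refuse prototype-affecting names outright,
// and create nested containers with a null prototype so no lookup can reach
// Object.prototype even if a reserved key slipped through.
function configureCategoriesHardened(target, overrides) {
  for (const key of Object.keys(overrides)) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error(`refusing to set reserved key: ${key}`);
    }
    const value = overrides[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      const hasOwn = Object.prototype.hasOwnProperty.call(target, key);
      if (!hasOwn || typeof target[key] !== 'object' || target[key] === null) {
        target[key] = Object.create(null);
      }
      configureCategoriesHardened(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker-controlled input: one legitimate-looking category entry plus a
// "__proto__" entry. JSON.parse creates "__proto__" as an ordinary own property, which is
// exactly what the vulnerable merge then dereferences.
const UNTRUSTED_JSON = '{"JSII9999":"warning","__proto__":{"polluted":"yes"}}';

// Runs one of the helpers against the untrusted document and reports whether a fresh,
// unrelated object now carries the injected property. Cleans up afterwards so repeated
// runs are independent.
function demo(fn) {
  const settings = fn === configureCategoriesHardened ? Object.create(null) : {};
  let error = null;
  try {
    fn(settings, JSON.parse(UNTRUSTED_JSON));
  } catch (e) {
    error = e.message;
  }
  const polluted = ({}).polluted === 'yes';
  delete Object.prototype.polluted;
  return { polluted, error };
}

// Usage: demo(configureCategoriesVulnerable) -> { polluted: true, error: null }
//        demo(configureCategoriesHardened)   -> { polluted: false, error: 'refusing to set reserved key: __proto__' }
```

Rejecting the reserved keys is the primary fix; the null-prototype target is defence in depth, and some deployments additionally call `Object.freeze(Object.prototype)` at startup so that any remaining pollution attempt fails loudly instead of silently altering every object.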
References
- github.com/advisories/GHSA-m56h-5xx3-2jc2
- github.com/aws/jsii-compiler
- github.com/aws/jsii-compiler/releases/tag/v5.4.46
- github.com/aws/jsii-compiler/releases/tag/v5.5.15
- github.com/aws/jsii-compiler/releases/tag/v5.6.4
- github.com/aws/jsii-compiler/releases/tag/v5.7.3
- github.com/aws/jsii-compiler/security/advisories/GHSA-m56h-5xx3-2jc2