CVE-2022-25871: Prototype Pollution in querymen

June 17, 2022 (updated June 28, 2022)

All versions of package querymen is vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of CVE-2020-7600.

References

github.com/advisories/GHSA-p23c-p8w2-ww5v
nvd.nist.gov/vuln/detail/CVE-2022-25871
snyk.io/vuln/SNYK-JS-QUERYMEN-2391488

Detect and mitigate CVE-2022-25871 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →