Bug#991524: unblock: node-jszip/3.5.0+dfsg-2
On 26/07/2021 at 22:01, Yadd wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Please unblock package node-jszip
>
> [ Reason ]
> node-jszip is vulnerable to a prototype pollution: crafting a new zip file
> with filenames set to Object prototype values (e.g. __proto__, toString,
> etc) results in a returned object with a modified prototype instance.
Ref: CVE-2021-23413
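
The behaviour described in the quoted report, as an added JavaScript example (not code from node-jszip or from this bug report): a hypothetical `indexEntries` helper keeps archive entries in a map keyed by filename, once backed by a plain object and once by a null-prototype object. The helper names and the sample filenames are constructed for illustration.

```javascript
"use strict";

// Constructed sample: entry names as they could appear in an untrusted archive.
const SAMPLE_NAMES = ["readme.txt", "__proto__", "toString"];

// Hypothetical stand-in for a zip library's filename -> entry index.
function indexEntries(names, makeMap) {
  const files = makeMap();
  for (const name of names) {
    // On a plain object, the key "__proto__" hits the inherited setter and
    // swaps the map's prototype instead of creating an own property.
    files[name] = { name, dir: false };
  }
  return files;
}

// Weak form: plain object literal, inherits from Object.prototype.
const unsafeIndex = (names) => indexEntries(names, () => ({}));
// Hardened form: no prototype, so every filename is plain data.
const safeIndex = (names) => indexEntries(names, () => Object.create(null));

// Report what a consumer of the returned map would observe.
function summarize(files) {
  const proto = Object.getPrototypeOf(files);
  const own = Object.keys(files);
  return {
    ownNames: own,
    // True when an entry object has replaced the map's prototype.
    protoReplaced: proto !== null && proto !== Object.prototype,
    // Properties visible through the map that are not its own entries.
    leaked: ["name", "dir"].filter((k) => !own.includes(k) && k in files),
  };
}

const unsafe = summarize(unsafeIndex(SAMPLE_NAMES));
const safe = summarize(safeIndex(SAMPLE_NAMES));
console.log("plain object:  ", JSON.stringify(unsafe));
console.log("null prototype:", JSON.stringify(safe));
// In both cases Object.prototype itself is untouched; the damage is confined
// to the returned map, which is what the report describes.
console.log("global Object.prototype polluted:", "dir" in {});
```

With the plain object, the `__proto__` entry disappears from the listing and its fields show up as inherited properties of the map, while the `toString` entry shadows the inherited method. The null-prototype map lists all three names as ordinary keys.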