org.webjars.npm:minimist@1.2.5 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:minimist package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
L Prototype Pollution org.webjars.npm:minimist is a parse argument options module. Affected versions of this package are vulnerable to Prototype Pollution due to a missing handler to `Function.prototype`. Notes: This vulnerability is a bypass to CVE-2020-7598 The reason for the different CVSS between CVE-2021-44906 to CVE-2020-7598, is that CVE-2020-7598 can pollute objects, while CVE-2021-44906 can pollute only function. How to fix Prototype Pollution? Upgrade `org.webjars.npm:minimist` to version 1.2.6 or higher.	[,1.2.6)

org.webjars.npm:minimist is a parse argument options module.

Affected versions of this package are vulnerable to Prototype Pollution due to a missing handler to Function.prototype.

Notes:

This vulnerability is a bypass to CVE-2020-7598
The reason for the different CVSS between CVE-2021-44906 to CVE-2020-7598, is that CVE-2020-7598 can pollute objects, while CVE-2021-44906 can pollute only function.

How to fix Prototype Pollution?

Upgrade org.webjars.npm:minimist to version 1.2.6 or higher.

[,1.2.6)