Vulnerability	Vulnerable Version
M Improper Input Validation Affected versions of this package are vulnerable to Improper Input Validation due to the `this.lastSegment` variable in the `emit` function not being sanitized. An attacker can manipulate the `this.lastSegment` variable to set it to `__proto__`, leading to prototype pollution. Notes: 1)If the application author has atypical HTML templates that feed user input into an object key. Attribute keys are almost always developer-controlled, not end-user-controlled, so this shouldn't be an issue in practice for most applications. How to fix Improper Input Validation? Upgrade `derby` to version 2.3.2, 3.0.2, 4.0.0-beta.11 or higher.	<2.3.2>=3.0.0 <3.0.2>=4.0.0-beta.2 <4.0.0-beta.11

Improper Input Validation

Affected versions of this package are vulnerable to Improper Input Validation due to the this.lastSegment variable in the emit function not being sanitized. An attacker can manipulate the this.lastSegment variable to set it to __proto__, leading to prototype pollution.

Notes:

1)If the application author has atypical HTML templates that feed user input into an object key.

Attribute keys are almost always developer-controlled, not end-user-controlled, so this shouldn't be an issue in practice for most applications.

How to fix Improper Input Validation?

Upgrade derby to version 2.3.2, 3.0.2, 4.0.0-beta.11 or higher.

<2.3.2>=3.0.0 <3.0.2>=4.0.0-beta.2 <4.0.0-beta.11

Go back to all versions of this package