Resolve vulnerability: Prototype Pollution in aws-sdk (!3129) · Merge requests · GitLab.org / GitLab

GitLab Security Bot requested to merge remediate/prototype-pollution-in-aws-sdk-D20210806T032517 into master Aug 06, 2021

Description:

If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles, they will pollute the prototype on the application. This can be exploited further depending on the context.

Severity: critical
Confidence: unknown
Location: yarn.lock

Solution:

Upgrade to version 2.814.0 or above.

Identifiers:

Gemnasium-3d4bca0d-97ee-47a5-9251-a7924d950785
CVE-2020-28472

Admin message

Admin message

Resolve vulnerability: Prototype Pollution in aws-sdk

Description:

Solution:

Identifiers:

Links:

Merge request reports