
Resolve vulnerability: Prototype Pollution in aws-sdk

Description:

If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles, they will pollute the prototype in the application. This can be exploited further depending on the context.

  • Severity: critical
  • Confidence: unknown
  • Location: yarn.lock

Solution:

Upgrade to version 2.814.0 or above.

Identifiers:

Links:
