Describe the bug
I have identified a security vulnerability in the OSCAL project's dependency chain. The package ajv-cli relies on an outdated version of fast-json-patch, which contains a Prototype Pollution vulnerability. This issue has been documented as:
Vulnerability ID: GHSA-8gh8-hqwg-xf34
Affected Versions: fast-json-patch versions < 3.1.1
The vulnerability allows for Prototype Pollution.
Who is the bug affecting
What is affected by this bug
CI/CD
How do we replicate this issue
npm audit
Expected behavior (i.e. solution)
fast-json-patch <3.1.1
Severity: high (unknown)
Starcounter-Jack JSON-Patch Prototype Pollution vulnerability - GHSA-8gh8-hqwg-xf34
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/fast-json-patch
ajv-cli >=0.7.0
Depends on vulnerable versions of fast-json-patch
node_modules/ajv-cli
Other comments
No response
Revisions
No response