Bug #22308: Ignore datatable prototype pollution - Rudder - Issue Tracker

Actions

Copy link

Bug #22308

closed

Ignore datatable prototype pollution

Added by Alexis Mousset about 1 year ago. Updated 9 months ago.

Status:

Released

Priority:

N/A

Assignee:

Vincent MEMBRÉ

Category:

Security

Target version:

old 6.2 issues to relocate

Pull Request:

https://github.com/Normation/rudder/p...

Severity:

UX impact:

User visibility:

Effort required:

Priority:

Name check:

To do

Fix check:

Checked

Regression:

Description

https://security.snyk.io/vuln/SNYK-JS-DATATABLESNET-1016402

In general I feel this is very unlikely to be a problem since it requires the dev to have used constructor as their data property name (or a parameter part of it). Of course quite possible and we should protect against it, but I don't recall ever having seen anyone doing that.

We don't have anything named constructor.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries

Bug #22308

Ignore datatable prototype pollution

Updated by Alexis Mousset about 1 year ago

Updated by Alexis Mousset about 1 year ago

Updated by Alexis Mousset about 1 year ago

Updated by Alexis Mousset about 1 year ago

Updated by Alexis Mousset about 1 year ago

Updated by Alexis Mousset 9 months ago