Patch request for vulnerability CVE-2022-2564 (prototype pollution) in version 5.x #12281

Closed
2 tasks done
shubanker opened this issue Aug 16, 2022 · 5 comments

Comments

@shubanker
Contributor

Prerequisites

  • I have written a descriptive issue title
  • I have searched existing issues to ensure the issue has not already been raised

Issue

We have a vulnerability CVE-2022-2564 for version 5.x. The CVSS score is 7.0.

Please let us know if you will be providing a patch for 5.x.
We noticed that this was already fixed in 6.x with patch

It would be great if you can downport to 5.x at the earliest.

@shubanker shubanker changed the title Patch of vulnerability CVE-2022-2564 for version 5.x Patch request for vulnerability CVE-2022-2564 in version 5.x Aug 16, 2022
@shubanker shubanker changed the title Patch request for vulnerability CVE-2022-2564 in version 5.x Patch request for vulnerability CVE-2022-2564 (prototype pollution) in version 5.x Aug 16, 2022
@neeraj-vts

@shubanker GitHub advisory GHSA-f825-f98c-gj3g is still showing fix version 6.4.6. Does it generally take time to get updated there?

@shubanker
Contributor Author

@neeraj-vts not sure, maybe @vovikhangcdv or @vkarpov15 can help fix the status.

@Uzlopak
Collaborator

Uzlopak commented Aug 25, 2022

It has to be manually reported to GitHub from the place where the security issue was created in the first place. So probably @vkarpov has to update it in huntr.dev.

@neeraj-vts

@vkarpov15 Could you update the above, please?

@vkarpov15
Collaborator

It looks like this was already fixed, GHSA-f825-f98c-gj3g lists 5.13.15 as a patched version.

@vkarpov15 vkarpov15 removed this from the 6.6.2 milestone Sep 26, 2022