Impact
forge.util.setPath had a potential prototype pollution issue if called with untrusted keys. This API was not used by forge itself.
Patches
The forge.util.setPath API and related functions were removed in 0.10.0.
Workarounds
Don't call forge.util.setPath directly or indirectly with untrusted keys.
References
For more information
If you have any questions or comments about this advisory:
Impact
forge.util.setPathhad a potential prototype pollution issue if called with untrusted keys. This API was not used by forge itself.Patches
The
forge.util.setPathAPI and related functions were removed in 0.10.0.Workarounds
Don't call
forge.util.setPathdirectly or indirectly with untrusted keys.References
For more information
If you have any questions or comments about this advisory: