Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

zipObjectDeep: fix prototype pollution #4759

Merged
merged 1 commit into from Jul 2, 2020
Merged

zipObjectDeep: fix prototype pollution #4759

merged 1 commit into from Jul 2, 2020
+37 −0

Conversation

JackuB
Copy link

@JackuB JackuB commented May 7, 2020

Following PR #4745 and this comment https://github.com/lodash/lodash/issues/4744#issuecomment-625020477.

Here is the patch for prototype pollution in zipObjectDeep.

@jsf-clabot
Copy link

jsf-clabot commented May 7, 2020
edited

CLA assistant check
All committers have signed the CLA.

@vaibhavarora14 vaibhavarora14 mentioned this pull request May 10, 2020
Open
@JackuB JackuB force-pushed the patch-SNYK-JS-LODASH-567746 branch from 7816228 to 787b42b Compare May 11, 2020 08:52
@mdeknowis
Copy link

Is this PR the "better" fix? #4745

@probablyabear probablyabear mentioned this pull request May 15, 2020
Open
Neumann-Nils added a commit to Neumann-Nils/lodash that referenced this pull request May 25, 2020
@Neumann-Nils
Fix prototype pollution
2f0047b 
Following the approach in lodash#4759
@lodash lodash deleted a comment from deleonio Jun 4, 2020
sdeprez added a commit to DataDog/lodash-4.17.5-fork-zipObjectDeep-vuln-fix that referenced this pull request Jun 8, 2020
@sdeprez
Port PR lodash#4759
2c69fb6
@dhagberg-sf dhagberg-sf mentioned this pull request Jun 9, 2020
Open
@Johannestegner Johannestegner mentioned this pull request Jun 11, 2020
Closed
@andrexweb andrexweb mentioned this pull request Jun 12, 2020
Closed
4 tasks
@sn0wcat sn0wcat mentioned this pull request Jun 15, 2020
Closed
@andreialecu andreialecu mentioned this pull request Jun 17, 2020
Closed
3 tasks
This was referenced Jun 25, 2020
Closed
Open
Merged
Closed
Open
Closed
@rfultz rfultz mentioned this pull request Jun 26, 2020
Closed
2 tasks
@Drarig29 Drarig29 mentioned this pull request Jun 30, 2020
Closed
@lnicola lnicola mentioned this pull request Jul 2, 2020
Merged
@harkotha2 harkotha2 mentioned this pull request Jul 2, 2020
Merged
matthieu-foucault added a commit to bcgov/cas-ciip-portal that referenced this pull request Jul 2, 2020
@matthieu-foucault
chore: add temporary resolution for npm advisory 1523
1c04386 
Update resolution to point to the next patch version
once lodash/lodash#4759 is merged
@matthieu-foucault matthieu-foucault mentioned this pull request Jul 2, 2020
Closed
@jdalton jdalton merged commit c84fe82 into lodash:4.17.15-post Jul 2, 2020
pxwise added a commit to pxwise/lodash that referenced this pull request Jul 2, 2020
@pxwise
fix(zipDeepObject): prototype pollution patch from lodash#4759
ef2afd0
@bnjmnt4n bnjmnt4n added the bug label Jul 3, 2020
@lodash lodash deleted a comment from deepikascetest Nov 16, 2021
@lodash lodash deleted a comment from Soontao Nov 16, 2021
@lodash lodash deleted a comment from rajivshah3 Nov 16, 2021
@lodash lodash deleted a comment from falsyvalues Nov 16, 2021
@lodash lodash deleted a comment from adelyafatykhova Nov 16, 2021
@lodash lodash deleted a comment from mdeknowis Nov 16, 2021
@lodash lodash deleted a comment from Soontao Nov 16, 2021
@lodash lodash deleted a comment from shura-sparrow Nov 16, 2021
@lodash lodash deleted a comment from n0fixedab0de Nov 16, 2021
@lodash lodash deleted a comment from dariadomagala-sap Nov 16, 2021
@lodash lodash deleted a comment from phoydar Nov 16, 2021
@lodash lodash deleted a comment from mdeknowis Nov 16, 2021
@lodash lodash deleted a comment from falsyvalues Nov 16, 2021
@lodash lodash deleted a comment from falsyvalues Nov 16, 2021
@lodash lodash deleted a comment from jigalovd Nov 16, 2021
@lodash lodash deleted a comment from utlime Nov 16, 2021
@lodash lodash deleted a comment from lishuochuan Nov 16, 2021
@lodash lodash deleted a comment from neagle Nov 16, 2021
@lodash lodash deleted a comment from matthieu-foucault Nov 16, 2021
@lodash lodash deleted a comment from NomaanAhmed Nov 16, 2021
@lodash lodash deleted a comment from rally25rs Nov 16, 2021
@lodash lodash deleted a comment from matthieu-foucault Nov 16, 2021
@lodash lodash deleted a comment from matthieu-foucault Nov 16, 2021
@lodash lodash deleted a comment from rally25rs Nov 16, 2021
@lodash lodash deleted a comment from martin-walsh Nov 16, 2021
@lodash lodash deleted a comment from RobertoGongora Nov 16, 2021
@lodash lodash deleted a comment from cmrn Nov 16, 2021
@lodash lodash deleted a comment from rajivshah3 Nov 16, 2021
@jdalton jdalton added issue bankruptcy Closing the issue/PR to start fresh and removed issue bankruptcy Closing the issue/PR to start fresh labels Sep 16, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@josephwccheng josephwccheng josephwccheng approved these changes

Assignees
No one assigned
Labels
bug
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@JackuB @jsf-clabot @mdeknowis @josephwccheng @jdalton @bnjmnt4n