facebook-nodejs-business-sdk
Prototype Pollution vulnerability
Which SDK version are you using?
^12.0.1
What's the issue?
Snyk reporting Prototype Pollution vulnerability
Steps/Sample code to reproduce the issue
https://app.snyk.io/test/npm/facebook-nodejs-business-sdk/12.0.1
Observed Results:

Expected Results:
No vulnerabilities should be found by Snyk
Hey there, it looks like there has been no activity on this issue recently. Has the issue been fixed, or does it still require the community's attention? This issue may be closed if no further activity occurs. Thank you for your contributions.
It still requires the community's attention. Prototype Pollution vulnerability is not fixed. Please see
Prototype Pollution [High Severity][https://snyk.io/vuln/SNYK-JS-MOUT-1014544] in [email protected]
introduced by [email protected] > [email protected] > [email protected]
Still an issue
https://github.com/advisories/GHSA-pc58-wgmc-hfjr for more info. Still an issue.
Still an issue:
# npm audit report
mout <1.2.3
Severity: high
Prototype Pollution in mout - https://github.com/advisories/GHSA-pc58-wgmc-hfjr
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/mout
iso-3166-1-alpha-2 *
Depends on vulnerable versions of mout
node_modules/iso-3166-1-alpha-2
facebook-nodejs-business-sdk >=6.0.1
Depends on vulnerable versions of iso-3166-1-alpha-2
node_modules/facebook-nodejs-business-sdk
Is it possible to prioritize fixing this vulnerability, as it impacts negatively on the cybersecurity report and business?
Any updates?

@facebook-github-bot why is the issue closed when the PR merge failed? Could you drop support for Node.js version 8?
npm's automated fix seems to cause a rollback to version 6.0.0
It would be great to remove this, please!
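
The chain in the npm audit output above (facebook-nodejs-business-sdk > iso-3166-1-alpha-2 > mout) can be checked directly against a lockfile, for example after a dependency update, to confirm that no copy of mout below 1.2.3 remains. This is an added example, not part of the original thread or the SDK's code; the lockfile is constructed and the function names are hypothetical.

```javascript
// Added example: list dependency chains that reach an unpatched copy of a package (npm lockfile v2/v3).
// Compare plain x.y.z versions; negative when a < b (pre-release tags not handled).
function cmpVersion(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// Resolve `dep` as seen from lockfile key `from`: nested node_modules first,
// then each enclosing node_modules up to the project root.
function resolve(packages, from, dep) {
  for (let base = from; ; ) {
    const key = (base ? base + '/' : '') + 'node_modules/' + dep;
    if (packages[key]) return key;
    if (!base) return null;
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// Walk runtime dependencies from the root; collect chains ending at `name` < `fixed`.
function vulnerablePaths(lock, name, fixed) {
  const packages = lock.packages, found = [];
  const walk = (key, chain, seen) => {
    const pkg = packages[key];
    const label = key ? key.split('node_modules/').pop() + '@' + pkg.version : '(root)';
    const next = chain.concat(label);
    if (key.endsWith('node_modules/' + name) && cmpVersion(pkg.version, fixed) < 0) {
      found.push(next.join(' > '));
    }
    for (const dep of Object.keys(pkg.dependencies || {})) {
      const target = resolve(packages, key, dep);
      if (target && !seen.has(target)) walk(target, next, new Set(seen).add(target));
    }
  };
  walk('', [], new Set(['']));
  return found;
}

// Constructed lockfile: the iso-3166-1-alpha-2 and mout versions and all ranges are made up.
const sampleLock = { lockfileVersion: 3, packages: {
  '': { dependencies: { 'facebook-nodejs-business-sdk': '^12.0.1' } },
  'node_modules/facebook-nodejs-business-sdk': { version: '12.0.1', dependencies: { 'iso-3166-1-alpha-2': '*' } },
  'node_modules/iso-3166-1-alpha-2': { version: '1.0.0', dependencies: { mout: '*' } },
  'node_modules/mout': { version: '1.2.2' },
} };
console.log(vulnerablePaths(sampleLock, 'mout', '1.2.3'));
```

Run it against a real lockfile by passing `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` in place of `sampleLock`; an empty array means no installed copy is below the fixed version.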