node-bunyan icon indicating copy to clipboard operation
node-bunyan copied to clipboard
verified publisher icon trentm

Prototype Pollution in [email protected] and License issue in [email protected]

Open hetzbr opened this issue 5 years ago • 1 comments

There is a prototype pollution vulnerability in the latest version of Bunyan 2.0.2 introduced by [email protected] > [email protected] > [email protected] > [email protected]

https://snyk.io/vuln/SNYK-JS-MINIMIST-559764

In addition, there is a license issue introduced by [email protected] > [email protected]

https://snyk.io/vuln/snyk:lic:npm:exeunt:MPL-2.0

hetzbr avatar Apr 13 '20 14:04 hetzbr

(The prototype pollution vulnerability also exists in bunyan v1, captured in https://github.com/trentm/node-bunyan/issues/643)

a-n-d-r-3-w avatar Jun 30 '20 13:06 a-n-d-r-3-w