Skip to content
This repository has been archived by the owner on Apr 30, 2024. It is now read-only.

CVE-2022-37614/Prototype pollution found in mockery.js #77

Open
secdevlpr26 opened this issue Oct 10, 2022 · 3 comments
Open

CVE-2022-37614/Prototype pollution found in mockery.js #77

secdevlpr26 opened this issue Oct 10, 2022 · 3 comments

Comments

@secdevlpr26
Copy link

Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f056 via the key variable in mockery.js.

The prototype pollution vulnerability can be mitigated with several best practices described here: https://learn.snyk.io/lessons/prototype-pollution/javascript/
@joshftb joshftb mentioned this issue Oct 25, 2022
Closed
@wesleyscholl
Copy link

If there is a patch for this, please advise. Thanks 👍🏻

ghost referenced this issue Aug 12, 2023
@carlosvillademor
fix: add null checks before removing parent refs
e018f4c 
This is to prevent the disable method to fail if there is anything on
the require cache object that does not have a parent element or
children on that parent object.

This fixes a problem introduced on PR
#57
@chris-tuncap chris-tuncap mentioned this issue Aug 16, 2023
Open
@JordiSAGE
Copy link

Hi @wesleyscholl this security vulnerability has been fixed some time ago, as this is making other dependant libraries to detect the vulnerability, when do you think that this will be integrated and the patch released on mockery?
Thank you in advance.

@dgrebb dgrebb mentioned this issue Nov 27, 2023
Closed
@dgrebb dgrebb mentioned this issue Dec 15, 2023
Merged
@MarioMajcicaAtABNAMRO
Copy link

It would be very nice if this one could be fixed. Any progress or any help needed? Thanks

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@secdevlpr26 @JordiSAGE @wesleyscholl @MarioMajcicaAtABNAMRO