[ubuntu/focal-security] node-json5 0.5.1-3ubuntu0.1 (Accepted)
Luci Stanescu
luci.stanescu at canonical.com
Tue Apr 30 08:33:22 UTC 2024
node-json5 (0.5.1-3ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Prototype pollution in object returned by JSON5.parse
- debian/patches/cve-2022-46175.diff: use Object.defineProperty instead of
direct property assignment to stop __proto__ from being treated specially
in lib/json5.js; unit test in test/testproto.js.
- CVE-2022-46175
Date: 2024-04-26 14:09:19.082049+00:00
Changed-By: Luci Stanescu <luci.stanescu at canonical.com>
https://launchpad.net/ubuntu/+source/node-json5/0.5.1-3ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list