CVE-2022-2564 vulnerability for version 5.x #12297

shubanker · 2022-08-19T06:54:01Z

Fix #12281
patch for prototype pollution vulnerability CVE-2022-2564 The CVS score is 7.0.
This patch is already available in version 6.4.6 , downporting it for 5.x

…ted properties Fix Automattic#12085

vkarpov15

Thanks 👍 we'll work on fixing the build in 5.x branch, doesn't look like the build issue has anything to do with this PR.

vkarpov15 and others added 2 commits August 19, 2022 12:19

fix(schema): disallow setting __proto__ when creating schema with dot…

6a19731

…ted properties Fix Automattic#12085

made function non async

5eb11dd

vkarpov15 approved these changes Aug 21, 2022

View reviewed changes

vkarpov15 added this to the 5.13.15 milestone Aug 21, 2022

vkarpov15 merged commit 99b4189 into Automattic:5.x Aug 21, 2022

vkarpov15 added a commit that referenced this pull request Aug 21, 2022

test: fix @types/node version in tests re: #12297

4d813fa

vkarpov15 added a commit that referenced this pull request Aug 21, 2022

test: try upgrading npm for node v4 tests re: #12297

dfc4ad7

vkarpov15 added a commit that referenced this pull request Aug 21, 2022

test: run node 7 tests with upgraded npm re: #12297

a1144dc

vkarpov15 mentioned this pull request Aug 21, 2022

Fix 5.x build issues #12307

Merged

shubanker deleted the issue/prototype-pollution-5.x-patch branch August 22, 2022 01:41

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2022-2564 vulnerability for version 5.x #12297

CVE-2022-2564 vulnerability for version 5.x #12297

shubanker commented Aug 19, 2022 •

edited

Loading

vkarpov15 left a comment

CVE-2022-2564 vulnerability for version 5.x #12297

CVE-2022-2564 vulnerability for version 5.x #12297

Conversation

shubanker commented Aug 19, 2022 • edited Loading

vkarpov15 left a comment

Choose a reason for hiding this comment

shubanker commented Aug 19, 2022 •

edited

Loading