Prototype Pollution in simple-plist
Critical severity
GitHub Reviewed
Published
Mar 23, 2022
to the GitHub Advisory Database
•
Updated Nov 29, 2023
Description
Published by the National Vulnerability Database
Mar 22, 2022
Published to the GitHub Advisory Database
Mar 23, 2022
Reviewed
Mar 29, 2022
Last updated
Nov 29, 2023
Credits
-
radiotech Analyst
-
TuurDutoit Analyst
simple-plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse().
References