CVE-2021-44906

https://github.com/advisories/GHSA-xvch-5gv4-984h

```
Severity: high
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist
  json5  1.0.0-beta - 2.2.0
  Depends on vulnerable versions of minimist
  node_modules/loader-utils/node_modules/json5
    loader-utils  1.2.0 - 1.4.0
    Depends on vulnerable versions of json5
```

This was fixed in version 2 of `json5` :

https://github.com/json5/json5

But not in version 1.

------

This might be resolved by updating `loader-utils` as it has no dependencies.

https://github.com/webpack/loader-utils/blob/master/package.json#L6

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2021-44906 #937

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

CVE-2021-44906 #937

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions