grunt-karma is vulnerable to prototype pollution. The vulnerability is due to the exports
functions in grunt-karma.js,
where an attacker can inject properties into an existing JavaScript construct prototype.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | grunt-karma | le | 4.0.2 |
| | grunt-karma | le | 2.0.0 |
github.com/advisories/GHSA-hcj4-xf6x-63wj
github.com/karma-runner/grunt-karma/blob/45b925964f55870f375c6e670d9945b223c984f5/tasks/grunt-karma.js#L109
github.com/karma-runner/grunt-karma/blob/45b925964f55870f375c6e670d9945b223c984f5/tasks/grunt-karma.js#L26
github.com/karma-runner/grunt-karma/issues/311