msgpack5 is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__
, constructor
and prototype
.
github.com/advisories/GHSA-gmjw-49p4-pcfm
github.com/mcollina/msgpack5/commit/d4e6cb956ae51c8bb2828e71c7c1107c340cf1e8
github.com/mcollina/msgpack5/releases/tag/v3.6.1
github.com/mcollina/msgpack5/releases/tag/v4.5.1
github.com/mcollina/msgpack5/releases/tag/v5.2.1
github.com/mcollina/msgpack5/security/advisories/GHSA-gmjw-49p4-pcfm
www.npmjs.com/advisories/1651
www.npmjs.com/package/msgpack5