Merge pull request #1540 from esben-semmle/js/bump-prototype-pollution-lodash

Approved by xiemaisi
2026-04-30 11:15:13 +02:00 · 2019-07-04 07:19:45 +01:00
parent 6cda33c39e ecf367fa65
commit 40f7e6f514
1 changed files with 1 additions and 1 deletions
--- a/javascript/ql/src/semmle/javascript/security/dataflow/PrototypePollution.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/PrototypePollution.qll
@@ -162,7 +162,7 @@ module PrototypePollution {
      version.maybeBefore("4.0.1")
      or
      id = "lodash" + any(string s) and
-      version.maybeBefore("4.17.11")
+      version.maybeBefore("4.17.12")
      or
      id = "merge" and
      version.maybeBefore("1.2.1")