Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js.
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
Link | Tags |
---|---|
https://github.com/karma-runner/grunt-karma/blob/45b925964f55870f375c6e670d9945b223c984f5/tasks/grunt-karma.js#L26 | third party advisory exploit |
https://github.com/karma-runner/grunt-karma/blob/45b925964f55870f375c6e670d9945b223c984f5/tasks/grunt-karma.js#L109 | third party advisory exploit |
https://github.com/karma-runner/grunt-karma/issues/311 | issue tracking third party advisory |