$ npm install -g @microsoft/rush
The previous command failed because our private npm registry blocked the download of ramda-0.27.2.tgz due to security policies triggered by CVE-2021-42581. Are there plans to upgrade the Ramda dependency to a version that resolves this vulnerability and ensures successful installation?
Vulnerability Details
Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object (that contains an own property "__proto__") as an argument to the function. NOTE: the vendor disputes this because the observed behavior only means that a user can create objects that the user didn't know would contain custom prototypes.
Publish Date: 2022-05-10
URL: CVE-2021-42581
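The behaviour described under Vulnerability Details, shown as an added example that is not part of the original issue and is not Ramda's source code. mapObjNaive and mapObjSafe are hypothetical stand-ins for an object-mapping helper, and the input is constructed; the example contrasts plain assignment with a hardened copy that keeps "__proto__" as ordinary data.

```javascript
// Added example: simplified stand-ins, not Ramda's implementation.

// Naive mapper: plain assignment into {} means a "__proto__" key reaches the
// Object.prototype setter and replaces the result's prototype instead of
// creating an own property.
function mapObjNaive(fn, obj) {
  const out = {};
  for (const key of Object.keys(obj)) {
    out[key] = fn(obj[key], key, obj);
  }
  return out;
}

// Hardened mapper: defineProperty always creates an own data property,
// so "__proto__" is copied as data and the prototype is left alone.
function mapObjSafe(fn, obj) {
  const out = {};
  for (const key of Object.keys(obj)) {
    Object.defineProperty(out, key, {
      value: fn(obj[key], key, obj),
      writable: true, enumerable: true, configurable: true,
    });
  }
  return out;
}

// Constructed input: JSON.parse stores "__proto__" as an own property.
const crafted = JSON.parse('{"name": "guest", "__proto__": {"isAdmin": true}}');
const identity = (v) => v;

function demo() {
  const naive = mapObjNaive(identity, crafted);
  const safe = mapObjSafe(identity, crafted);
  return {
    naiveInherits: naive.isAdmin === true,   // inherited from swapped prototype
    naiveOwnKeys: Object.keys(naive),        // "__proto__" key silently dropped
    safeInherits: safe.isAdmin === true,
    safeOwnKeys: Object.keys(safe),
    globalPolluted: ({}).isAdmin === true,   // Object.prototype itself untouched
  };
}

console.log(demo());
```

Only the returned object gains the custom prototype; unrelated objects are unaffected, which is the point the vendor's dispute rests on.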