Fluid Attacks Database

Description

Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution) Withdrawn GitHub has withdrawn this advisory in place of GHSA-vh95-rmgr-6w4m and GHSA-6chw-6frg-f759. The reason for withdrawing is that some mistakes were made during the ingestion of CVE-2020-7598 which caused this advisory to be published with incorrect information.

In order to provide accurate advisory information, new advisories were created:

minimist: https://github.com/advisories/GHSA-vh95-rmgr-6w4m

acorn: https://github.com/advisories/GHSA-6chw-6frg-f759

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
npm	minimist	<0	1.2.2
npm	acorn	<0	5.7.4, 6.4.1, 7.1.1, 7.1.1

Aliases

1. GHSA-6chw-6frg-f7592. GHSA-vh95-rmgr-6w4m3. GCVE-GHSA-7fhm-mqm4-2wp7

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.