Incorrectly closed Issue #192 - Prototype Pollution in mout
Opened this issue · 1 comments
Dezzymei commented
It appears that issue #192 was incorrectly closed as there is still currently an issue with said dependency.
Please can this be resolved to remove this vulnerability?
Which SDK version are you using?
15.0.0
What's the issue?
npm audit shows a security vulnerability
Steps/Sample code to reproduce the issue
npm install facebook-nodejs-business-sdk
npm audit
Observed Results:
# npm audit report

mout  <=1.2.3
Severity: high
Prototype Pollution in mout - https://github.com/advisories/GHSA-pc58-wgmc-hfjr
Prototype Pollution in mout - https://github.com/advisories/GHSA-vvv8-xw5f-3f88
fix available via `npm audit fix --force`
Will install facebook-nodejs-business-sdk@6.0.0, which is a breaking change
node_modules/mout
  iso-3166-1-alpha-2  *
  Depends on vulnerable versions of mout
  node_modules/iso-3166-1-alpha-2
    facebook-nodejs-business-sdk  >=6.0.1
    Depends on vulnerable versions of iso-3166-1-alpha-2
    node_modules/facebook-nodejs-business-sdk

3 high severity vulnerabilities
Expected Results:
No Prototype Pollution in mout
Dezzymei commented
Or perhaps a new version needs to be released, as this reference to alpha should no longer exist in the code, so perhaps it has not been released!?
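
Added example (not part of the thread and not the SDK's own code): one way to confirm from a lockfile which installed packages still pull in a flagged dependency, here the chain the audit report above describes. The lockfile object is constructed for illustration; the iso-3166-1-alpha-2 version, the mout version and all dependency ranges in it are assumptions, and only hoisted (top-level node_modules) entries are resolved.

```javascript
// Constructed, minimal package-lock.json content (lockfileVersion 2/3 "packages" layout).
// Only the SDK version 15.0.0 and the "<=1.2.3" bound come from the issue; the rest is made up.
const LOCK = {
  packages: {
    "": { dependencies: { "facebook-nodejs-business-sdk": "^15.0.0" } },
    "node_modules/facebook-nodejs-business-sdk": {
      version: "15.0.0",
      dependencies: { "iso-3166-1-alpha-2": "*" },   // constructed range
    },
    "node_modules/iso-3166-1-alpha-2": {
      version: "1.0.0",                               // constructed version
      dependencies: { mout: "*" },                    // constructed range
    },
    "node_modules/mout": { version: "1.2.3" },        // constructed installed version
  },
};

// Compare plain x.y.z versions (no pre-release tags); negative if a < b.
function cmp(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Return every chain "root dep > ... > target" when the installed target version is <= maxBad.
function chainsTo(lock, target, maxBad) {
  const pkgs = lock.packages;
  const hit = pkgs["node_modules/" + target];
  if (!hit || cmp(hit.version, maxBad) > 0) return [];   // absent or newer than the flagged range
  const out = [];
  const walk = (key, path) => {
    for (const dep of Object.keys(pkgs[key].dependencies || {})) {
      if (path.includes(dep)) continue;                   // guard against dependency cycles
      const next = [...path, dep];
      if (dep === target) out.push(next.join(" > "));
      else if (pkgs["node_modules/" + dep]) walk("node_modules/" + dep, next);
    }
  };
  walk("", []);
  return out;
}

console.log(chainsTo(LOCK, "mout", "1.2.3"));
```

An empty result after upgrading or overriding the dependency means no installed chain resolves to a version inside the flagged range.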