serviejs/popsicle

popsicle is vulnerable to Prototype Pollution

Closed this issue · 2 comments

popsicle is using popsicle-cookie-jar 1.0.0, which is vulnerable to Prototype Pollution.

Reference:
GHSA-72xf-g2v4-qvf3

Once popsicle-cookie-jar has been updated, we can just run npm update popsicle-cookie-jar and it should fix the vulnerability (as long as it's just a 1.0.0 -> 1.0.1 release).

└─ popsicle@12.1.0
   └─ popsicle-cookie-jar@1.0.0
      └─  tough-cookie@3.0.1

The latest release includes the updated popsicle-cookie-jar. This was only a vulnerability if you happened to be using a custom CookieJar with rejectPublicSuffixes=false.
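
One way to confirm after an update that no copy of popsicle-cookie-jar 1.0.0 is left in the installed tree, and to see which chain pulls it in. This is an added example, not code from the popsicle project: sampleLock is a constructed object in the npm lockfile v2/v3 "packages" layout, and resolveDep and findFlagged are hypothetical helper names.

```javascript
// Constructed sample mirroring the dependency chain shown in the issue (not a real lockfile).
const sampleLock = {
  packages: {
    "": { name: "demo-app", dependencies: { popsicle: "^12.1.0" } },
    "node_modules/popsicle": { version: "12.1.0", dependencies: { "popsicle-cookie-jar": "^1.0.0" } },
    "node_modules/popsicle-cookie-jar": { version: "1.0.0", dependencies: { "tough-cookie": "^3.0.1" } },
    "node_modules/tough-cookie": { version: "3.0.1" },
  },
};

// Resolve a dependency the way Node does: nearest node_modules first, then each parent.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (for example an optional dependency that was skipped)
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Walk from the root project and return one chain per installed copy of name@version.
function findFlagged(lock, name, version) {
  const packages = lock.packages || {};
  const hits = [];
  const visited = new Set(); // each installed copy is visited once, so cycles terminate
  const walk = (path, chain) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
                   ...(path === "" ? pkg.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const target = resolveDep(packages, path, dep);
      if (!target || visited.has(target)) continue;
      visited.add(target);
      const next = [...chain, `${dep}@${packages[target].version}`];
      if (dep === name && packages[target].version === version) hits.push(next.join(" > "));
      walk(target, next);
    }
  };
  if (packages[""]) walk("", []);
  return hits;
}

console.log(findFlagged(sampleLock, "popsicle-cookie-jar", "1.0.0"));
```

To run it against a real project, pass the parsed package-lock.json in place of sampleLock; an empty result means the flagged version is no longer reachable from the root.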