Investigate vulnerability: Prototype Pollution in minimist in minimist

Issue created from vulnerability 73057

Description:

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

• Severity: critical
• Confidence: unknown
• Location: package-lock.json

Solution:

Upgrade to version 1.2.6 or above.

Identifiers:

• CVE-2021-44906
• Gemnasium-9d7c0895-2bb9-442d-9a89-eff7a63c0438
• GHSA-xvch-5gv4-984h

Links:

• https://github.com/advisories/GHSA-xvch-5gv4-984h
• https://github.com/substack/minimist/blob/master/index.js#L69
• https://github.com/substack/minimist/issues/164
• https://nvd.nist.gov/vuln/detail/CVE-2021-44906
• https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
• https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068

Scanner:

• Name: Gemnasium