We are using the latest 0.12.0 version of this library and from the Whitesource scan report, we see it is indirectly dependent on node-forge-0.8.5 which has a high prio vulnerability reported based on https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-7720
The details of the vulnerability say the following:
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.
Can you please check if you can possibly update to a later version of your dependencies to get this off?
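To confirm which install path pulls in a node-forge release older than 0.10.0, the lockfile can be checked directly. The script below is an added example, not part of the original report or of the library's code; the sample lockfile and the package name `example-parent-lib` are constructed for illustration.

```javascript
// Added example: list every node-forge copy older than 0.10.0 in a parsed package-lock.json.
const FIXED = [0, 10, 0]; // first release without the vulnerable functions, per the advisory text

function parseVersion(v) {
  // Keep only major.minor.patch; pre-release tags are ignored for this check.
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

function isBefore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // equal versions are not "before"
}

function findVulnerableForge(lock) {
  const hits = [];
  const check = (path, version) => {
    const v = parseVersion(version);
    if (v && isBefore(v, FIXED)) hits.push({ path, version });
  };
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isForge = path === "node_modules/node-forge" || path.endsWith("/node_modules/node-forge");
    if (isForge) check(path, meta.version);
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists, to avoid duplicates).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === "node-forge") check(here.join(" > "), meta.version);
      walk(meta.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample: a hypothetical parent package nesting node-forge 0.8.5.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "example-parent-lib": { version: "0.12.0", dependencies: { "node-forge": { version: "0.8.5" } } },
    "node-forge": { version: "0.10.0" },
  },
};
console.log(findVulnerableForge(sampleLock));
```

On a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` instead of `sampleLock`; the reported path shows which direct dependency needs the upgrade or an override.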