CVE-2020-28458

dougb1968 (Posts: 2, Questions: 1, Answers: 0)

Is there any response to address the vulnerability reported in CVE-2020-28458?

"All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806."

https://nvd.nist.gov/vuln/detail/CVE-2020-28458

Answers

  • allan (Posts: 63,516, Questions: 1, Answers: 10,472, Site admin)

    I believe the fix for that issue was in this commit, which was included in DataTables 1.10.23 (18th Dec 2020) and every release since then.

    It looks like that CVE entry has just not been updated to take account of that. I've sent Snyk an e-mail asking them if they could update the CVE to reflect that it has been fixed for over two years now.

    Allan

  • dougb1968 (Posts: 2, Questions: 1, Answers: 0)

    Perfect. Thank you!
