backbone-query-parameters is vulnerable to prototype pollution (CVE-2021-20085). The readme indicates this package has been unmaintained going on six years, so I'm not opening this issue with the expectation that it will get fixed. I'm opening it to raise awareness since this was reported to npm, and they've indicated they're not going to publish a security advisory. If you're using this package, I think the only options to address this vulnerability are:
- Fork it and develop a fix on your own, or
- Stop using the library
References:
backbone-query-parameters is vulnerable to prototype pollution (CVE-2021-20085). The readme indicates this package has been unmaintained going on six years, so I'm not opening this issue with the expectation that it will get fixed. I'm opening it to raise awareness since this was reported to npm, and they've indicated they're not going to publish a security advisory. If you're using this package, I think the only options to address this vulnerability are:
References: