Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: Prototype pollution vulnerability in bundled swiper library #23342

Closed
jkronborg opened this issue May 21, 2021 · 2 comments · Fixed by #23344
Closed

bug: Prototype pollution vulnerability in bundled swiper library #23342

jkronborg opened this issue May 21, 2021 · 2 comments · Fixed by #23344
Labels
type: bug a confirmed bug report

Comments

@jkronborg
Copy link

Bug Report

Ionic version:
[x] 4.x
[x] 5.x

Current behavior:
@ionic/core bundles swiper version 5.4.1 (source), that has a critical prototype pollution vulnerability (GitHub advisory).

Expected behavior:
swiper is updated to a version without the known vulnerability (>= 6.5.1).
@ionitron-bot ionitron-bot bot added the triage label May 21, 2021
@liamdebeasi liamdebeasi mentioned this issue May 21, 2021
Merged
13 tasks
@liamdebeasi liamdebeasi added the type: bug a confirmed bug report label May 21, 2021
@ionitron-bot ionitron-bot bot removed the triage label May 21, 2021
@liamdebeasi
Copy link
Contributor

Thanks! We were able to backport the prototype pollution fix to our installation of Swiper and it will ship in our next release.

liamdebeasi added a commit that referenced this issue May 21, 2021
@liamdebeasi
fix(slides): resolve prototype pollution in swiper v5 (#23344)
a708c41 
resolves #23342
@ionitron-bot
Copy link

ionitron-bot bot commented Jun 20, 2021

Thanks for the issue! This issue is being locked to prevent comments that are not relevant to the original issue. If this is still an issue with the latest version of Ionic, please create a new issue and ensure the template is fully filled out.

@ionitron-bot ionitron-bot bot locked and limited conversation to collaborators Jun 20, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type: bug a confirmed bug report
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(slides): resolve prototype pollution in swiper v5 ionic-team/ionic-framework
2 participants
@liamdebeasi @jkronborg