Skip to content

Commit

Permalink
This affects the package set-value before 2.0.1, and starting with 3.…
Browse files Browse the repository at this point in the history 
…0.0 but prior to 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.
  • Loading branch information
@sbalia
sbalia committed May 9, 2022
1 parent c976a42 commit 2dedc66
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 6 deletions.
8 changes: 4 additions & 4 deletions Tasks/AppCenterTestV1/package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Tasks/AppCenterTestV1/task.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
"author": "Microsoft Corporation",
"version": {
"Major": 1,
"Minor": 198,
"Minor": 205,
"Patch": 0
},
"groups": [
Expand Down
2 changes: 1 addition & 1 deletion Tasks/AppCenterTestV1/task.loc.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
"author": "Microsoft Corporation",
"version": {
"Major": 1,
"Minor": 198,
"Minor": 205,
"Patch": 0
},
"groups": [
Expand Down

0 comments on commit 2dedc66

Please sign in to comment.