Forum Discussion

Luis Valencia's avatar
Luis Valencia
Copper Contributor
Aug 25, 2021

New SPFx project, Prototype Pollution Vulnerability in the set-getter library

I have a new SPFx project, basically empty, and my company requires that the code is scaned for vulnerabilities using veracode.   The only High Finding I could find is this one:   https://sca.ana...
VesaJuvonen's avatar
VesaJuvonen
Icon for Microsoft rankMicrosoft
Aug 25, 2021
This vulnerable code is not used in runtime, it's only used in the developer box when solution is scaffolded, so it's not a runtime security issue.

Resources