Aug 25 2021 05:19 AM
I have a new SPFx project, basically empty, and my company requires that the code is scanned for vulnerabilities using Veracode.
The only High Finding I could find is this one:
set-getter and set-getter are vulnerable to Prototype Pollution.
set-getter is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as `__proto__`, `constructor` and `prototype`.
I checked and there are no new versions of this, so I have to provide a valid reason to the security team in order to be able to ignore this flaw.
Is there something I can do in a new SPFx project? Can this dependency be removed somehow or will it break something?
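The finding quoted above describes the classic prototype-pollution defect in "set a value at a dotted path" helpers. The following is an added example, not code from the original post and not the set-getter package's own implementation: a generic path setter in its unguarded form, the hardened form that refuses the `__proto__`, `constructor` and `prototype` segments named in the finding (and only descends into own properties), and a small check you can use to confirm whether `Object.prototype` has picked up an unexpected key. The key `polluted` used in the demonstration is a constructed sample value.

```javascript
// Added example; not from the original post or from the set-getter package.
// Keys that, as path segments, would walk into a prototype rather than a plain property.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Unguarded dotted-path setter of the kind the finding describes:
// for the path "__proto__.polluted", cur["__proto__"] is Object.prototype,
// so the final assignment lands on every object in the process.
function setPathUnsafe(target, path, value) {
  const keys = path.split(".");
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    if (cur[k] === undefined || cur[k] === null) cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Hardened setter: rejects prototype-manipulating segments up front and only
// descends into own, non-null object properties of the current node.
function setPathSafe(target, path, value) {
  const keys = path.split(".");
  for (const k of keys) {
    if (FORBIDDEN_KEYS.has(k)) {
      throw new Error(`refusing to set prototype-manipulating key "${k}"`);
    }
  }
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const own = Object.prototype.hasOwnProperty.call(cur, k);
    if (!own || typeof cur[k] !== "object" || cur[k] === null) cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Detection helper: has `key` been defined directly on Object.prototype?
// Useful as an assertion in a test suite that exercises untrusted input paths.
function isPrototypePolluted(key) {
  return Object.prototype.hasOwnProperty.call(Object.prototype, key);
}

// Runs both setters against the same hostile path and reports what happened.
// The polluted key is removed again so the process is left clean.
function demonstrate() {
  setPathUnsafe({}, "__proto__.polluted", "yes");
  const unsafePolluted = isPrototypePolluted("polluted"); // true
  delete Object.prototype.polluted;

  let safeRefused = false;
  try {
    setPathSafe({}, "__proto__.polluted", "yes");
  } catch (e) {
    safeRefused = true;
  }
  return {
    unsafePolluted,
    safeRefused, // true
    cleanedUp: !isPrototypePolluted("polluted"), // true
  };
}

module.exports = { setPathUnsafe, setPathSafe, isPrototypePolluted, demonstrate };
```

The practical takeaway for the question above: if a transitive dependency exposes a setter like `setPathUnsafe` but your project never feeds it attacker-controlled paths or keys (for example, it is only ever called with string literals at build time), that is the kind of reasoning a security team can record as a risk acceptance; if untrusted input can reach it, the guarded form or a check such as `isPrototypePolluted` in your tests is the mitigation.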