node-json5 0.5.1-3ubuntu0.1 source package in Ubuntu
Changelog
node-json5 (0.5.1-3ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Prototype pollution in object returned by JSON5.parse
- debian/patches/cve-2022-46175.diff: use Object.defineProperty instead of
direct property assignment to stop __proto__ from being treated specially
in lib/json5.js; unit test in test/testproto.js.
- CVE-2022-46175
-- Luci Stanescu <email address hidden> Thu, 25 Apr 2024 18:19:31 +0300
Upload details
- Uploaded by:
- Luci Stanescu
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- javascript
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Focal | updates | universe | misc | |
| Focal | security | universe | misc |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| node-json5_0.5.1.orig.tar.gz | 19.6 KiB | 3618908ccc9038ecbd5e11b8e20f38246a2527778b3a38c8814d499aa05e206e |
| node-json5_0.5.1-3ubuntu0.1.debian.tar.xz | 10.2 KiB | 6adcce36ee90cdd406a5097ea1839e0f5afc07020128038399feb93b1de28af2 |
| node-json5_0.5.1-3ubuntu0.1.dsc | 1.5 KiB | 2d182f12abbd9684104316290ba974faa6c249b7c0d1a6760235579cb1c6fed4 |
Available diffs
Binary packages built by this source
- node-json5: JSON for the ES5 era
JSON5 is a proposed extension to JSON that aims to make it easier for
humans to write and maintain by hand. It does this by adding some
minimal syntax features directly from ECMAScript 5.
.
JSON5 remains a strict subset of JavaScript, adds no new data types,
and works with all existing JSON content.
.
JSON5 is not an official successor to JSON, and JSON5 content may not
work with existing JSON parsers. For this reason, JSON5 files use a
new .json5 extension. (TODO: new MIME type needed too.)
.
The code here is a reference JavaScript implementation for both Node.js
and all browsers. It’s based directly off of Douglas Crockford’s own
JSON implementation, and it’s both robust and secure.
.
Node.js is an event-based server-side JavaScript engine.
