Duplicate advisories for Prototype Pollution in min-dash: GHSA-2m53-83f3-562j and GHSA-fm93-fhh2-cg2c

There appear to be **two advisories** in the GitHub Advisory Database describing the **same prototype pollution vulnerability** in the `min-dash` JavaScript package:

- **[GHSA-2m53-83f3-562j](https://github.com/advisories/GHSA-2m53-83f3-562j)**
    - No CVE ID
    - Limited metadata
    - No fix commit or external references
        
- **[GHSA-fm93-fhh2-cg2c](https://github.com/advisories/GHSA-fm93-fhh2-cg2c)**
    - Has a CVE: **CVE-2021-23460**
    - Provides a clear description, references, and the fix commit:
        - Patch commit: [bpmn-io/min-dash@289e6c7](https://github.com/bpmn-io/min-dash/commit/289e6c7b37b524b235be3040a227a49f0e2b9d2e)

These two advisories describe the **same underlying issue** and request to **withdraw GHSA-2m53-83f3-562j**, as **GHSA-fm93-fhh2-cg2c** is more complete and includes the canonical CVE (**CVE-2021-23460**), along with additional references and context.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Duplicate advisories for Prototype Pollution in min-dash: GHSA-2m53-83f3-562j and GHSA-fm93-fhh2-cg2c #5816

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Duplicate advisories for Prototype Pollution in min-dash: GHSA-2m53-83f3-562j and GHSA-fm93-fhh2-cg2c #5816

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions