CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.0.1-dev (changelog, source)
Search

Predicate PrototypePollution::isVulnerableDeepExtendCallAllVersions

Holds if call comes from a package named id and is vulnerable to prototype pollution in every version of that package.

Import path

import semmle.javascript.security.dataflow.PrototypePollutionCustomizations
predicate isVulnerableDeepExtendCallAllVersions(ExtendCall call, string id)