Merge pull request #1854 from asger-semmle/prototype-pollution-precision

semmle-qlci · web-flow · commit 6778f284248f · 2019-09-03T10:50:24.000+01:00
Approved by esben-semmle, xiemaisi
diff --git a/change-notes/1.23/analysis-javascript.md b/change-notes/1.23/analysis-javascript.md
@@ -18,6 +18,7 @@
 | **Query**                      | **Expected impact**          | **Change**                                                                |
 |--------------------------------|------------------------------|---------------------------------------------------------------------------|
 | Client-side cross-site scripting (`js/xss`) | More results | More potential vulnerabilities involving functions that manipulate DOM attributes are now recognized. |
+| Prototype pollution (`js/prototype-pollution`) | Same results | The results are now shown on LGTM by default. |
 
 ## Changes to QL libraries
 
diff --git a/javascript/ql/src/Security/CWE-400/PrototypePollution.ql b/javascript/ql/src/Security/CWE-400/PrototypePollution.ql
@@ -3,8 +3,8 @@
  * @description Recursively merging a user-controlled object into another object
  *              can allow an attacker to modify the built-in Object prototype. 
  * @kind path-problem
- * @problem.severity warning
- * @precision medium
+ * @problem.severity error
+ * @precision high
  * @id js/prototype-pollution
  * @tags security
  *       external/cwe/cwe-250
