Skip to content
This repository has been archived by the owner on Mar 1, 2024. It is now read-only.

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') #461

Open
philipjonsen opened this issue Mar 15, 2023 · 0 comments
Open

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') #461

philipjonsen opened this issue Mar 15, 2023 · 0 comments

Comments

@philipjonsen
Copy link

The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.

Prototype Pollution in y18n ### Overview The npm package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution. ### POC const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true ### Recommendation Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later.

https://nvd.nist.gov/vuln/detail/CVE-2022-0691
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@philipjonsen