yargs-parser could be tricked into adding or modifying properties of Object.prototype using a “proto” payload (CVE-2020-7608).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | nodejs-yargs-parser | < 10.0.0-3.1 | nodejs-yargs-parser-10.0.0-3.1.mga7 |