4 matches found
OESA-2022-1769 nodejs security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
CVE-2020-7774
The package y18n before 3.2.2, 4.0.1 and 5.0.5 is vulnerable to Prototype Pollution...
@agneta/cli (>=0.14.7 <=0.14.15), @servisbot/servisbot-cli (>=9.4.0 <=10.3.2) +3 more potentially affected by CVE-2020-7774 via y18n (=4.0.0)
y18n NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on y18n and may be impacted: - @agneta/cli =0.14.7, =9.4.0, =0.14.4, =1.0.0-rc.1, =1.0.0-rc.7 Source CVEs: CVE-2020-7774 Source advisory: SNYK:JS-Y18N-1021887...
Prototype Pollution
y18n is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as `__proto__`, `constructor` and `prototype`...