33 matches found
Prototype Pollution
Overview: Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument...
yargs-parser input validation error vulnerability
yargs-parser is an option parser. An input validation error vulnerability exists in yargs-parser versions prior to 13.1.2, in versions 14.0.0 and later (fixed in 15.0.1), and in versions 16.0.0 and later (fixed in 18.1.1), which can be exploited to add or modify an Object.prototype property with the help of the '__proto__'...
Prototype Pollution
yargs-parser is vulnerable to prototype pollution. The attack is possible because it does not properly sanitize the key value provided by users, allowing malicious properties of Object.prototype to be parsed or modified using a __proto__ payload...
CVE-2020-7608
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload...
CVE-2020-7608
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload...
DEBIAN-CVE-2020-7608
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload...
CVE-2020-7608
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload...
Design/Logic Flaw
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload...
UBUNTU-CVE-2020-7608
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload...
CVE-2020-7608
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload...
CVE-2020-7608
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload...
CVE-2020-7608
CVE-2020-7608 affects the yargs-parser package and enables prototype pollution via a __proto__ payload, allowing modification of Object.prototype. Public data notes local/remote impact depending on the environment, with CVSS vectors indicating low-to-medium base severity (NVD CVSS v3.1: 5.3, LOCAL, L...
Prototype Pollution
Overview: yargs-parser is a mighty option parser used by yargs. Affected versions of this package are vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. Our research team checked several attack vectors to...