This repository has been archived by the owner on Mar 1, 2024. It is now read-only.
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') #461
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
Prototype Pollution in y18n ### Overview The npm package
y18nbefore versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution. ### POCconst y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true### Recommendation Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later.https://nvd.nist.gov/vuln/detail/CVE-2022-0691
The text was updated successfully, but these errors were encountered: