EPSS
Percentile
12.8%
yargs-parser is vulnerable to prototype pollution. The attack exists as it does not properly sanitize the key value provided by users, allowing the malicious properties of Object.prototype to be parsed or modified using a __proto__ payload.
__proto__
github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2
www.npmjs.com/advisories/1500