Lucene search
Veracode Vulnerability DatabaseVERACODE:27639HistoryOct 21, 2020 - 9:45 a.m.
Prototype Pollution
2020-10-2109:45:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
19
y18n vulnerability injection attribute modification software
EPSS
0.338
Percentile
97.1%
y18n is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype.
References
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
github.com/418sec/huntr/blob/master/bounties/npm/y18n/1/README.md
github.com/418sec/JSON8/pull/2
github.com/yargs/y18n/issues/96
github.com/yargs/y18n/pull/107
github.com/yargs/y18n/pull/108
www.npmjs.com/advisories/1654
www.oracle.com/security-alerts/cpuApr2021.html
Related
debiancve
debiancve
CVE-2020-7774
2020-11-17 13:15:12
ibm
ibm
cve
cve
CVE-2020-7774
2020-11-17 13:15:12
redhatcve
redhatcve
CVE-2020-7774
2020-11-17 20:08:56
ubuntucve
ubuntucve
CVE-2020-7774
2020-11-17 00:00:00
nodejs
nodejs
Prototype Pollution
2021-03-12 23:16:43
osv
osv
CVE-2020-7774
2020-11-17 13:15:12
Prototype Pollution in y18n
2021-03-29 16:05:12
Moderate: nodejs:12 security and bug fix update
2020-12-15 16:03:21
alpinelinux
alpinelinux
CVE-2020-7774
2020-11-17 13:15:12
huntr
huntr
Prototype Pollution in yargs/y18n
2020-10-15 00:00:00
cvelist
cvelist
CVE-2020-7774 Prototype Pollution
2020-11-17 12:30:20
github
github
Prototype Pollution in y18n
2021-03-29 16:05:12
prion
prion
Code injection
2020-11-17 13:15:00
nvd
nvd
CVE-2020-7774
2020-11-17 13:15:12
nodejsblog
nodejsblog
April 2021 Security Releases
2021-04-06 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0372)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:2618-1)
2021-08-06 00:00:00
openSUSE: Security Advisory for nodejs8 (openSUSE-SU-2021:1113-1)
2021-08-11 00:00:00
nessus
nessus
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2021:2618-1)
2021-08-06 00:00:00
Oracle Linux 8 : nodejs:12 (ELSA-2020-5499)
2020-12-17 00:00:00
openSUSE 15 Security Update : nodejs8 (openSUSE-SU-2021:2618-1)
2021-08-06 00:00:00
suse
suse
Security update for nodejs8 (important)
2021-08-10 00:00:00
Security update for nodejs8 (important)
2021-08-05 00:00:00
Security update for nodejs14 (important)
2021-07-20 00:00:00
oraclelinux
oraclelinux
nodejs:12 security and bug fix update
2020-12-17 00:00:00
nodejs:14 security and bug fix update
2021-02-20 00:00:00
nodejs:10 security update
2021-02-20 00:00:00
almalinux
almalinux
Moderate: nodejs:12 security and bug fix update
2020-12-15 16:03:21
Moderate: nodejs:14 security and bug fix update
2021-02-16 07:34:42
Moderate: nodejs:10 security update
2021-02-16 07:34:15
mageia
mageia
Updated nodejs packages fix security vulnerabilities
2021-07-25 17:45:06
freebsd
freebsd
Node.js -- April 2021 Security Releases
2021-04-06 00:00:00
rocky
rocky
nodejs:12 security and bug fix update
2020-12-15 16:03:21
nodejs:14 security and bug fix update
2021-02-16 07:34:42
nodejs:10 security update
2021-02-16 07:34:15
redhat
redhat
(RHSA-2020:5305) Moderate: rh-nodejs12-nodejs security update
2020-12-01 14:18:32
(RHSA-2020:5499) Moderate: nodejs:12 security and bug fix update
2020-12-15 16:03:21
(RHSA-2021:0421) Moderate: rh-nodejs14-nodejs security update
2021-02-04 16:46:24
gentoo
gentoo
Node.js: Multiple Vulnerabilities
2024-05-08 00:00:00
ics
ics
Siemens SINEC INS
2022-03-10 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00