y18n is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype.
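The pattern behind this class of bug, shown beside a hardened form, as an added example that is not y18n's code: a plain object used as a map keyed by caller-supplied names, compared with prototype-less maps and a key denylist. The store functions, their methods and the marker property are hypothetical names constructed for the illustration.

```javascript
// Added illustration, not y18n's code. All names are hypothetical.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);

// Vulnerable pattern: plain object used as a map keyed by caller input.
function makeNaiveStore() {
  const cache = {};
  return {
    update(locale, entries) {
      // cache['__proto__'] resolves to Object.prototype, so the writes
      // below land on the prototype shared by every object.
      if (!cache[locale]) cache[locale] = {};
      for (const key in entries) cache[locale][key] = entries[key];
    },
  };
}

// Hardened pattern: prototype-less maps plus an explicit key denylist.
function makeHardenedStore() {
  const cache = Object.create(null);
  const own = (obj, k) => Object.prototype.hasOwnProperty.call(obj, k);
  return {
    update(locale, entries) {
      if (FORBIDDEN.has(locale)) throw new TypeError('rejected locale name');
      if (!own(cache, locale)) cache[locale] = Object.create(null);
      for (const key of Object.keys(entries)) {
        if (!FORBIDDEN.has(key)) cache[locale][key] = entries[key];
      }
    },
    get(locale, key) {
      return own(cache, locale) && own(cache[locale], key) ? cache[locale][key] : undefined;
    },
  };
}

// Runs both stores against the same constructed input and reports the effect.
function comparePollution() {
  const marker = 'constructedMarker'; // constructed sample property name
  makeNaiveStore().update('__proto__', { [marker]: true });
  const naivePolluted = ({})[marker] === true;
  delete Object.prototype[marker]; // undo the side effect before continuing
  let rejected = false;
  try {
    makeHardenedStore().update('__proto__', { [marker]: true });
  } catch (err) {
    rejected = err instanceof TypeError;
  }
  return { naivePolluted, rejected, hardenedPolluted: marker in {} };
}
```
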
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
github.com/418sec/huntr/blob/master/bounties/npm/y18n/1/README.md
github.com/418sec/JSON8/pull/2
github.com/yargs/y18n/issues/96
github.com/yargs/y18n/pull/107
github.com/yargs/y18n/pull/108
www.npmjs.com/advisories/1654
www.oracle.com/security-alerts/cpuApr2021.html