This repository has been archived by the owner on Nov 21, 2022. It is now read-only.
CVE-2020-7774 (High) detected in y18n-4.0.0.tgz #56
Labels
security vulnerability
Security vulnerability detected by WhiteSource
CVE-2020-7774 - High Severity Vulnerability
Vulnerable Library - y18n-4.0.0.tgz
the bare-bones internationalization library used by yargs
Library home page: https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz
Dependency Hierarchy:
Found in HEAD commit: fcc06a591b2bdd9d340bcc00c4ebf54ed6dbe7f5
Found in base branch: master
Vulnerability Details
The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
Publish Date: 2020-11-17
URL: CVE-2020-7774
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1654
Release Date: 2020-11-17
Fix Resolution (y18n): 4.0.1
Direct dependency fix Resolution (@angular/localize): 9.1.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: