Skip to content
This repository has been archived by the owner on Nov 16, 2023. It is now read-only.

yargs-parser causing protoype pollution vulnerability #291

Open
rohan-deshpande opened this issue May 25, 2020 · 0 comments
Open

yargs-parser causing protoype pollution vulnerability #291

rohan-deshpande opened this issue May 25, 2020 · 0 comments

Comments

@rohan-deshpande
Copy link

rohan-deshpande commented May 25, 2020
edited

  • dtslint@3.6.4
  • npm@6.13.4
  • node@v12.15.0
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ dtslint [dev]                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ dtslint > dts-critic > yargs > yargs-parser                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1500                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rohan-deshpande