You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
mend-for-github-combot
changed the title
CVE-2020-7608 (High) detected in yargs-parser-8.1.0.tgz
CVE-2020-7608 (Medium) detected in yargs-parser-8.1.0.tgz
Nov 20, 2020
CVE-2020-7608 - Medium Severity Vulnerability
Vulnerable Library - yargs-parser-8.1.0.tgz
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-8.1.0.tgz
Dependency Hierarchy:
Found in HEAD commit: 01719cf04fd7c129bd717b07454cfe760bae182e
Vulnerability Details
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload.
Publish Date: 2020-03-16
URL: CVE-2020-7608
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2020-03-16
Fix Resolution: 5.0.1;13.1.2;15.0.1;18.1.1
The text was updated successfully, but these errors were encountered: