Moderate severityNVD Advisory· Published Mar 16, 2020· Updated Aug 4, 2024
CVE-2020-7608
CVE-2020-7608
Description
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
yargs-parsernpm | >= 6.0.0, < 13.1.2 | 13.1.2 |
yargs-parsernpm | >= 14.0.0, < 15.0.1 | 15.0.1 |
yargs-parsernpm | >= 16.0.0, < 18.1.1 | 18.1.1 |
yargs-parsernpm | < 5.0.1 | 5.0.1 |
Affected products
4- yargs-parser/yargs-parserdescription
- ghsa-coords3 versions
>= 6.0.0, < 13.1.2+ 2 more
- (no CPE)range: >= 6.0.0, < 13.1.2
- (no CPE)range: < 1.18.3-1.module_el8.3.0+2023+d2377ea3
- (no CPE)range: < 17-3.module_el8.4.0+2224+b07ac28e
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-p9pc-299p-vxgpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7608ghsaADVISORY
- github.com/yargs/yargs-parser/commit/1c417bd0b42b09c475ee881e36d292af4fa2cc36ghsaWEB
- github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2ghsaWEB
- snyk.io/vuln/SNYK-JS-YARGSPARSER-560381ghsax_refsource_MISCWEB
- www.npmjs.com/advisories/1500ghsaWEB
News mentions
0No linked articles in our index yet.