
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Open philipjonsen opened this issue 2 years ago • 0 comments

The package y18n before 3.2.2, 4.0.1 and 5.0.5 is vulnerable to Prototype Pollution.

Prototype Pollution in y18n

### Overview

The npm package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution.

### POC

```js
const y18n = require('y18n')();

y18n.setLocale('__proto__');
y18n.updateLocale({polluted: true});

console.log(polluted); // true
```

### Recommendation

Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later.

https://nvd.nist.gov/vuln/detail/CVE-2022-0691

philipjonsen avatar Mar 15 '23 19:03 philipjonsen
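
Why a locale named `__proto__` reaches every object, shown as an added example that is not part of the original issue and is not y18n's source code: a simplified model of a per-locale cache held in a plain object, next to a version that uses null-prototype objects. The class names, the `pollutes` helper and the `demoFlag` key are hypothetical and constructed for this illustration.

```javascript
// Simplified model of a per-locale string cache (hypothetical classes).
class UnsafeCatalog {
  constructor() {
    this.cache = {}; // plain object: inherits from Object.prototype
    this.locale = 'en';
  }
  setLocale(locale) { this.locale = locale; }
  updateLocale(entries) {
    // cache['__proto__'] reads back Object.prototype, so this "bucket"
    // is the prototype shared by every plain object in the process.
    if (!this.cache[this.locale]) this.cache[this.locale] = {};
    for (const key of Object.keys(entries)) {
      this.cache[this.locale][key] = entries[key];
    }
  }
}

class SafeCatalog extends UnsafeCatalog {
  constructor() {
    super();
    // No prototype chain: '__proto__' is stored as an ordinary own key.
    this.cache = Object.create(null);
  }
  updateLocale(entries) {
    if (!this.cache[this.locale]) this.cache[this.locale] = Object.create(null);
    for (const key of Object.keys(entries)) {
      this.cache[this.locale][key] = entries[key];
    }
  }
}

// Returns true if updating the given catalog leaks a key onto unrelated objects.
function pollutes(Catalog) {
  const catalog = new Catalog();
  catalog.setLocale('__proto__');          // locale name from the PoC above
  catalog.updateLocale({ demoFlag: true }); // constructed sample entry
  const leaked = ({}).demoFlag === true;    // does a fresh object see it?
  delete Object.prototype.demoFlag;         // undo so the check is repeatable
  return leaked;
}

console.log('plain-object cache pollutes:', pollutes(UnsafeCatalog));
console.log('null-prototype cache pollutes:', pollutes(SafeCatalog));
```

The same `pollutes` check can be pointed at any wrapper around a translation cache as a regression test after upgrading.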