Describe the vulnerability
Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects.
Where is it?
Upgrade yargs-parser to 13.1.2, 15.0.1, 18.1.1 or later in ../microservices/package-lock.json
Risk involved
This is only exploitable if attackers have control over the arguments being passed to yargs-parser, making it a low risk vulnerability.
Describe the vulnerability Affected versions of
yargs-parserare vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype ofObject, causing the addition or modification of an existing property that will exist on all objects.Where is it? Upgrade
yargs-parserto 13.1.2, 15.0.1, 18.1.1 or later in../microservices/package-lock.jsonRisk involved This is only exploitable if attackers have control over the arguments being passed to
yargs-parser, making it a low risk vulnerability.Database GHSA-p9pc-299p-vxgp
Expected behavior The containers will still compile there is no issue with that. But the application will be vulnerable to prototype pollution.
Additional context