CVE-2020-7774 – Prototype Pollution

https://notcve.org/view.php?id=CVE-2020-7774

The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. El paquete y18n anterior a las versiones 3.2.2, 4.0.1 y 5.0.5, es vulnerable a la contaminación de prototipos A flaw was found in nodejs-y18n. There is a prototype pollution vulnerability in y18n's locale functionality. If an attacker is able to provide untrusted input via locale, they may be able to cause denial of service or in rare circumstances, impact to data integrity or confidentiality. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/yargs/y18n/issues/96 https://github.com/yargs/y18n/pull/108 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306 https://snyk.io/vuln/SNYK-JS-Y18N-1021887 https://www.oracle.com/security-alerts/cpuApr2021.html https://access.redhat.com/security/cve/CVE-2020-7774 https://bugzilla.redhat.com/show_bug.cgi?id=1898680 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •