Skip to content
This repository has been archived by the owner on Nov 16, 2023. It is now read-only.

yargs-parser causing protoype pollution vulnerability #291

Open
rohan-deshpande opened this issue May 25, 2020 · 0 comments
Open

yargs-parser causing protoype pollution vulnerability #291

rohan-deshpande opened this issue May 25, 2020 · 0 comments

Comments

@rohan-deshpande
Copy link

rohan-deshpande commented May 25, 2020

  • dtslint@3.6.4
  • npm@6.13.4
  • node@v12.15.0
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ dtslint [dev]                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ dtslint > dts-critic > yargs > yargs-parser                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1500                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant