This repository was archived by the owner on Mar 1, 2024. It is now read-only.
This repository was archived by the owner on Mar 1, 2024. It is now read-only.
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') #461
Description
The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
Prototype Pollution in y18n ### Overview The npm package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution. ### POC const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true ### Recommendation Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later.