Vulnerabilities > CVE-2020-7608 - Unspecified vulnerability in Yargs Yargs-Parser

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

local

low complexity

NVD

Published: 2020-03-16

Updated: 2022-11-15

Summary

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.

Part	Description	Count
Application	Yargs Yargs Yargs Parser 14.0.0 Yargs Yargs Parser 15.0.0 Yargs Yargs Parser 16.0.0 Yargs Yargs Parser 16.1.0 Yargs Yargs Parser 17.0.0 Yargs Yargs Parser 17.0.1 Yargs Yargs Parser 17.1.0 Yargs Yargs Parser 18.0.0 Yargs Yargs Parser 18.1.0 Yargs Yargs Parser 1.0.0 Yargs Yargs Parser 1.0.1 Yargs Yargs Parser 1.1.0 Yargs Yargs Parser 1.1.1 Yargs Yargs Parser 2.0.0 Yargs Yargs Parser 2.1.0 Yargs Yargs Parser 2.1.1 Yargs Yargs Parser 2.1.2 Yargs Yargs Parser 2.2.0 Yargs Yargs Parser 2.3.0 Yargs Yargs Parser 2.4.0 Yargs Yargs Parser 2.4.1 Yargs Yargs Parser 3.0.0 Yargs Yargs Parser 3.1.0 Yargs Yargs Parser 3.2.0 Yargs Yargs Parser 4.0.0 Yargs Yargs Parser 4.0.1 Yargs Yargs Parser 4.0.2 Yargs Yargs Parser 4.1.0 Yargs Yargs Parser 4.2.0 Yargs Yargs Parser 4.2.1 Yargs Yargs Parser 5.0.0 Yargs Yargs Parser 6.0.0 Yargs Yargs Parser 6.0.1 Yargs Yargs Parser 7.0.0 Yargs Yargs Parser 8.0.0 Yargs Yargs Parser 8.1.0 Yargs Yargs Parser 9.0.0 Yargs Yargs Parser 9.0.1 Yargs Yargs Parser 9.0.2 Yargs Yargs Parser 10.0.0 Yargs Yargs Parser 10.1.0 Yargs Yargs Parser 11.0.0 Yargs Yargs Parser 11.1.0 Yargs Yargs Parser 11.1.1 Yargs Yargs Parser 12.0.0 Yargs Yargs Parser 13.0.0 Yargs Yargs Parser 13.1.0 Yargs Yargs Parser 13.1.1	51