yargs-parser could be tricked into adding or modifying properties of Object.prototype using a proto payload.
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Yargs-parser | Yargs | * | 5.0.1 (excluding) |
| Yargs-parser | Yargs | 6.0.0 (including) | 13.1.2 (excluding) |
| Yargs-parser | Yargs | 14.0.0 (including) | 15.0.1 (excluding) |
| Yargs-parser | Yargs | 16.0.0 (including) | 18.1.1 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | nodejs:12-8030020201124152102.229f0a1c | * |
| Red Hat Enterprise Linux 8 | RedHat | nodejs:10-8030020210118191659.229f0a1c | * |
| Red Hat OpenShift Container Storage 4.7.0 on RHEL-8 | RedHat | ocs4/mcg-core-rhel8:5.7.0-60.2c1fdb0.5.7 | * |
| Red Hat Quay 3 | RedHat | quay/quay-rhel8:v3.6.0-62 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-nodejs12-nodejs-0:12.19.1-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-nodejs10-nodejs-0:10.23.1-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-nodejs12-nodejs-0:12.19.1-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-nodejs10-nodejs-0:10.23.1-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-nodejs12-nodejs-0:12.19.1-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-nodejs10-nodejs-0:10.23.1-2.el7 | * |
| Node-yargs-parser | Ubuntu | bionic | * |
| Node-yargs-parser | Ubuntu | eoan | * |
| Node-yargs-parser | Ubuntu | trusty | * |
| Node-yargs-parser | Ubuntu | upstream | * |