Search for packages
| purl | pkg:npm/yargs-parser@6.0.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-jqtk-shbr-nkaw
Aliases: CVE-2020-7608 GHSA-p9pc-299p-vxgp |
yargs-parser Vulnerable to Prototype Pollution Affected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument `--foo.__proto__.bar baz'` adds a `bar` property with value `baz` to all objects. This is only exploitable if attackers have control over the arguments being passed to `yargs-parser`. ## Recommendation Upgrade to versions 13.1.2, 15.0.1, 18.1.1 or later. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T21:01:41.240406+00:00 | GitLab Importer | Affected by | VCID-jqtk-shbr-nkaw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yargs-parser/CVE-2020-7608.yml | 38.4.0 |
| 2026-04-11T22:12:59.215301+00:00 | GitLab Importer | Affected by | VCID-jqtk-shbr-nkaw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yargs-parser/CVE-2020-7608.yml | 38.3.0 |
| 2026-04-02T22:25:22.855696+00:00 | GitLab Importer | Affected by | VCID-jqtk-shbr-nkaw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yargs-parser/CVE-2020-7608.yml | 38.1.0 |
| 2026-04-01T16:43:17.732840+00:00 | GitLab Importer | Affected by | VCID-jqtk-shbr-nkaw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yargs-parser/CVE-2020-7608.yml | 38.0.0 |