Vulnerability Description
The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
CVSS Score
7.3
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Y18N Project | Y18N | < 3.2.2 |
| Oracle | Graalvm | 19.3.5 |
| Siemens | Sinec Infrastructure Network Services | < 1.0.1.1 |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatchThird Party Advisory
- https://github.com/yargs/y18n/issues/96ExploitThird Party Advisory
- https://github.com/yargs/y18n/pull/108PatchThird Party Advisory
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306ExploitThird Party Advisory
- https://snyk.io/vuln/SNYK-JS-Y18N-1021887ExploitThird Party Advisory
- https://www.oracle.com/security-alerts/cpuApr2021.htmlPatchThird Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatchThird Party Advisory
- https://github.com/yargs/y18n/issues/96ExploitThird Party Advisory
- https://github.com/yargs/y18n/pull/108PatchThird Party Advisory
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306ExploitThird Party Advisory
- https://snyk.io/vuln/SNYK-JS-Y18N-1021887ExploitThird Party Advisory
- https://www.oracle.com/security-alerts/cpuApr2021.htmlPatchThird Party Advisory
FAQ
What is CVE-2020-7774?
CVE-2020-7774 is a vulnerability with a CVSS score of 7.3 (HIGH). The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
How severe is CVE-2020-7774?
CVE-2020-7774 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7774?
Check the references section above for vendor advisories and patch information. Affected products include: Y18N Project Y18N, Oracle Graalvm, Siemens Sinec Infrastructure Network Services.