{"ecosystem":"npm","package":"yargs-parser","version":null,"bugs":[{"id":314,"ecosystem":"npm","package_name":"yargs-parser","affected_version":"6.0.0","fixed_version":"13.1.2","bug_id":"osv:GHSA-p9pc-299p-vxgp","title":"yargs-parser Vulnerable to Prototype Pollution","description":"Affected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects.  \nParsing the argument `--foo.__proto__.bar baz` adds a `bar` property with value `baz` to all objects. This is only exploitable if attackers have control over the arguments being passed to `yargs-parser`.\n\n## Recommendation\n\nUpgrade to versions 13.1.2, 15.0.1, 18.1.1 or later.","severity":"medium","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7608","labels":["CVE-2020-7608"],"created_at":"2026-04-19 04:31:08.820580+00:00","updated_at":"2026-04-19 04:31:08.820580+00:00"}],"total":1,"_cache":"hit"}