i18n-polyfill Yarg dependancy from the polyfill uses yargs-parser which is vulnerable to privilege escalation and remote code execution (RCE) via prototype pollution.

Yarg dependancy from the polyfill uses yargs-parser which is vulnerable to privilege escalation and remote code execution (RCE) via prototype pollution.

Open arun-mano opened this issue 2 years ago • 0 comments

Hi Team, We are using ngx-translate/i18n-polyfill library for our i18 support. We are getting an security vulnerability due to yargs-parser.

Yarg dependancy from the polyfill uses yargs-parser which is vulnerable to privilege escalation and remote code execution (RCE) via prototype pollution. https://nvd.nist.gov/vuln/detail/CVE-2020-7608

Can you please update the dependency and create a new version ?

Mar 24 '22 09:03 arun-mano

i18n-polyfill i18n-polyfill copied to clipboard

Yarg dependancy from the polyfill uses yargs-parser which is vulnerable to privilege escalation and remote code execution (RCE) via prototype pollution.

i18n-polyfill
i18n-polyfill copied to clipboard