The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Node.js yargs-parser: read-write access via Prototype Pollution

Synthesis of the vulnerability 

An attacker can bypass access restrictions via Prototype Pollution of Node.js yargs-parser, in order to read or alter data.
Vulnerable products: Nodejs Modules ~ not comprehensive, RHEL.
Severity of this weakness: 2/4.
Creation date: 05/10/2020.
References of this bulletin: CVE-2020-7608, NPM-1500, RHSA-2021:0521-01, RHSA-2021:0548-01, VIGILANCE-VUL-33480.

Description of the vulnerability 

An attacker can bypass access restrictions via Prototype Pollution of Node.js yargs-parser, in order to read or alter data.

This cybersecurity weakness impacts software or systems such as Nodejs Modules ~ not comprehensive, RHEL.

Our Vigil@nce team determined that the severity of this security vulnerability is medium.

The trust level is "confirmed by the editor", and the origin is "document".

An attacker with an expert ability can exploit this vulnerability.

Solutions for this threat 

Node.js yargs-parser: versions 13.1.2, 15.0.1 and 18.1.1.
Versions 13.1.2, 15.0.1 and 18.1.1 are fixed:
  https://www.npmjs.com/package/yargs-parser
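
A dependency check built on the fixed versions listed above, as an added example that is not part of the bulletin or of yargs-parser: it scans a parsed package-lock.json for installed copies of yargs-parser and flags those older than 13.1.2, 15.0.1 or 18.1.1. The mapping of intermediate major versions to the next fix, the function names and the sample lockfile are assumptions constructed for illustration.

```javascript
// Fixed releases from the bulletin. Assumption (not in the bulletin): each fix
// also covers the unfixed majors below it: <13.1.2, 14.0.0-<15.0.1, 16.0.0-<18.1.1.
const FIXED = [[13, 1, 2], [15, 0, 1], [18, 1, 1]];

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// true = predates the fix, false = fixed or newer, null = unparseable version
function isVulnerable(version) {
  const v = parseVersion(version);
  if (!v) return null;
  const fix = FIXED.find((f) => v[0] <= f[0]); // nearest fix at or above this major
  if (!fix) return false;
  const i = v.findIndex((n, k) => n !== fix[k]); // first differing component
  return i !== -1 && v[i] < fix[i];
}

// Collect every installed copy of yargs-parser from a parsed package-lock.json.
function findYargsParser(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/yargs-parser")) hits.push({ path, version: pkg.version });
  }
  // lockfileVersion 1: nested "dependencies" tree
  const walk = (deps, trail) => {
    for (const [name, dep] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === "yargs-parser") hits.push({ path, version: dep.version });
      walk(dep.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits.map((h) => ({ ...h, vulnerable: isVulnerable(h.version) }));
}

// Constructed sample lockfile (lockfileVersion 2 layout), not real project data.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/yargs-parser": { version: "18.1.3" },
    "node_modules/mocha/node_modules/yargs-parser": { version: "13.1.1" },
    "node_modules/jest-cli/node_modules/yargs-parser": { version: "15.0.0" },
  },
};
console.log(findYargsParser(SAMPLE_LOCK));
```

Nested copies matter here: a patched top-level yargs-parser does not update the copies pinned under other packages' own node_modules directories.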

RHEL 7: new rh-nodejs10-nodejs packages.
New packages are available:
  RHEL 7.0-7.9: rh-nodejs10-nodejs 10.23.1-2.el7

RHEL 8: new nodejs-10 module.
The following module is updated:
  RHEL 8 Module: nodejs:10

Swagger Codegen: version 2.4.16.
Version 2.4.16 is fixed:
  https://github.com/swagger-api/swagger-codegen/releases/tag/v2.4.16