Source: node-minimist Version: 1.2.0-1 Severity: important Tags: security upstream
Hi, The following vulnerability was published for node-minimist. CVE-2020-7598[0]: | minimist before 1.2.2 could be tricked into adding or modifying | properties of Object.prototype using a "constructor" or "__proto__" | payload. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-7598 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7598 [1] https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 [2] https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94 Regards, Salvatore