Mageia 2021-0170: nodejs-yargs-parser security update
Summary
yargs-parser could be tricked into adding or modifying properties of
Object.prototype using a "__proto__" payload (CVE-2020-7608).
References
- https://bugs.mageia.org/show_bug.cgi?id=27975
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608
Resolution
MGASA-2021-0170 - Updated nodejs-yargs-parser packages fix security vulnerability
SRPMS
- 7/core/nodejs-yargs-parser-10.0.0-3.1.mga7