Yarg dependancy from the polyfill uses yargs-parser which is vulnerable to privilege escalation and remote code execution (RCE) via prototype pollution.

Hi Team,
We are using ngx-translate/i18n-polyfill library for our i18 support.
We are getting an security vulnerability due to yargs-parser.
 
Yarg dependancy from the polyfill uses yargs-parser which is vulnerable to privilege escalation and remote code execution (RCE) via prototype pollution.
https://nvd.nist.gov/vuln/detail/CVE-2020-7608

Can you please update the dependency and create a new version ?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Yarg dependancy from the polyfill uses yargs-parser which is vulnerable to privilege escalation and remote code execution (RCE) via prototype pollution. #118

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Yarg dependancy from the polyfill uses yargs-parser which is vulnerable to privilege escalation and remote code execution (RCE) via prototype pollution. #118

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions