CVE-2020-7598
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload.
| Software | From | Fixed in |
|---|---|---|
| substack / minimist | - | 1.2.2 |
| opensuse / leap | 15.1 | 15.1.x |
minimist
|
- | 0.2.1 |
|
minimist
|
1.0.0 | 1.2.3 |
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html
- https://github.com/substack/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab
- https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95
- https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://www.npmjs.com/advisories/1179
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime