Npm · Y18N · CVE-2020-7774
**Name of the Vulnerable Software and Affected Versions**
y18n versions prior to 3.2.2
y18n versions prior to 4.0.1
y18n versions prior to 5.0.5
**Description**
The issue is a prototype pollution vulnerability: a remote attacker can cause uncontrolled modification of object prototype attributes. The estimated number of potentially affected devices worldwide is not specified. A proof of concept (PoC) demonstrates the vulnerability by setting the locale to `__proto__` and then calling `updateLocale()` with a polluted object, which writes the supplied properties into the prototype.
**Recommendations**
Upgrade to version 3.2.2 or later for versions prior to 3.2.2
Upgrade to version 4.0.1 or later for versions prior to 4.0.1
Upgrade to version 5.0.5 or later for versions prior to 5.0.5
As a temporary workaround, consider restricting the use of the `setLocale()` and `updateLocale()` functions until the fixed version can be deployed. Avoid using the `__proto__` locale to minimize the risk of exploitation.
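To make the PoC in the description and the workaround above concrete, here is an added model of the pattern (not y18n's own source): a minimal locale cache in which `updateLocale()` merges into the entry for the current locale, next to a hardened version that rejects prototype-aliasing names and keeps its cache off the prototype chain. The store shape, function names and `prototypeIsClean()` check are assumptions made for this illustration.

```javascript
// Added model of the CVE-2020-7774 pattern (not y18n's source). Assumed shape:
// a cache object keyed by locale name; updateLocale() merges into the entry
// for the current locale, so a locale of "__proto__" selects Object.prototype.
function makeVulnerableLocaleStore() {
  const cache = {};                 // plain object: cache["__proto__"] is Object.prototype
  let locale = 'en';
  return {
    setLocale(name) { locale = name; },
    updateLocale(obj) {
      if (!cache[locale]) cache[locale] = {};
      Object.assign(cache[locale], obj);   // pollutes when locale === "__proto__"
    },
  };
}

// Hardened version: a null-prototype cache (no prototype reachable by name),
// plus a deny-list for key names that alias the prototype chain.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function makeHardenedLocaleStore() {
  const cache = Object.create(null);
  let locale = 'en';
  return {
    setLocale(name) {
      if (UNSAFE_KEYS.has(name)) throw new Error(`unsafe locale name: ${name}`);
      locale = name;
    },
    updateLocale(obj) {
      if (!Object.prototype.hasOwnProperty.call(cache, locale)) {
        cache[locale] = Object.create(null);
      }
      for (const [k, v] of Object.entries(obj)) {   // only own, enumerable keys
        if (UNSAFE_KEYS.has(k)) continue;            // drop "__proto__" etc. from input
        cache[locale][k] = v;
      }
    },
    lookup(key) {
      const entry = cache[locale];
      return entry && key in entry ? entry[key] : undefined;
    },
  };
}

// Runtime check a test suite or startup hook can run: Object.prototype should
// never gain own enumerable properties.
function prototypeIsClean() {
  return Object.keys(Object.prototype).length === 0;
}
```

Running `prototypeIsClean()` after the test suite, or after loading untrusted locale data, is a cheap way to catch this class of bug before it reaches production.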