PT-2020-6062 · Npm+5 · Minimist+5
Published: 2020-03-11 · Updated: 2022-04-22 · CVE-2020-7598
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
minimist versions prior to 1.2.2
minimist versions prior to 0.2.1
Description
The issue affects the minimist library, which is vulnerable to prototype pollution. Command-line arguments are not properly sanitized, so an attacker can modify the prototype of Object, adding a new property or overwriting an existing one on every object in the process. For example, parsing the argument `--__proto__.y=Polluted` adds a `y` property with the value `Polluted` to all objects. The argument `--__proto__=Polluted` raises an uncaught error and crashes the application. This is exploitable if attackers have control over the arguments being passed to minimist.
Recommendations
For versions prior to 0.2.1, upgrade to version 0.2.1 or later.
For versions prior to 1.2.2, upgrade to version 1.2.3 or later.
As a temporary workaround, consider restricting the use of the minimist library until a patch is applied, especially in scenarios where control over the arguments passed to it is limited.
Prototype Pollution
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Centos
Red Hat
Rocky Linux
Suse
Minimist