{"id":"CVE-2020-7774","details":"The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.","aliases":["GHSA-c4w7-xm78-47vh"],"modified":"2026-05-12T03:52:28.698066Z","published":"2020-11-17T13:15:12.633Z","related":["ALSA-2020:5499","ALSA-2021:0548","ALSA-2021:0551","SNYK-JAVA-ORGWEBJARSNPM-1038306","SNYK-JS-Y18N-1021887","SUSE-SU-2021:2319-1","SUSE-SU-2021:2323-1","SUSE-SU-2021:2326-1","SUSE-SU-2021:2327-1","SUSE-SU-2021:2353-1","SUSE-SU-2021:2354-1","SUSE-SU-2021:2618-1","SUSE-SU-2021:2620-1","openSUSE-SU-2021:1059-1","openSUSE-SU-2021:1060-1","openSUSE-SU-2021:1061-1","openSUSE-SU-2021:1113-1","openSUSE-SU-2021:2327-1","openSUSE-SU-2021:2353-1","openSUSE-SU-2021:2354-1","openSUSE-SU-2021:2618-1","openSUSE-SU-2024:11096-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"fixed":"1.0.1.1"}]},{"cpe":"cpe:2.3:a:y18n_project:y18n:*:*:*:*:*:node.js:*:*","source":"CPE_FIELD","extracted_events":[{"fixed":"3.2.2"},{"introduced":"5.0.0"},{"fixed":"5.0.5"}]},{"cpe":"cpe:2.3:a:y18n_project:y18n:4.0.0:*:*:*:*:node.js:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"4.0.0"}]}]},"references":[{"type":"FIX","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"type":"FIX","url":"https://github.com/yargs/y18n/pull/108"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"EVIDENCE","url":"https://github.com/yargs/y18n/issues/96"},{"type":"EVIDENCE","url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306"},{"type":"EVIDENCE","url":"https://snyk.io/vuln/SNYK-JS-Y18N-1021887"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/graalvm/graalvm-ce-builds","events":[{"introduced":"0"},{"last_affected":"251e15bf41dcc0c1b4e3debdb7d01f7082734ddd"},{"last_affected":"3c6e4c01b14bb666c14501160ba526442b051b5a"},{"last_affected":"2ada493c63db015cc41bca1021f0e567f51893c6"}],"database_specific":{"cpe":["cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*","cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*","cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"19.3.5"},{"last_affected":"20.3.1.2"},{"last_affected":"21.0.0.2"}]}}],"versions":["vm-19.3.2","vm-19.3.2-pre","vm-19.3.3","vm-19.3.4","vm-19.3.5","vm-20.0.1","vm-20.1.0","vm-20.2.0","vm-20.3.0","vm-20.3.1","vm-20.3.1.2","vm-21.0.0","vm-21.0.0.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7774.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}