A vulnerability was found in yargs-parser: it could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload. Reference: https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
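An added illustration of the flaw class described above, not code from yargs-parser or from this bug report: a dotted-key setter of the kind an argument parser uses, in a vulnerable form beside a hardened one, with a check that detects the pollution. The names `setKeyUnsafe`, `setKeySafe`, `isPolluted` and `demo`, and the option name `constructedFlag`, are hypothetical and constructed for this example.

```javascript
// Hypothetical helpers for illustration; not yargs-parser's implementation.

// Vulnerable pattern: walk a dotted option name and create nested objects,
// trusting every path segment.
function setKeyUnsafe(target, dottedKey, value) {
  const parts = dottedKey.split('.');
  let node = target;
  for (const part of parts.slice(0, -1)) {
    if (typeof node[part] !== 'object' || node[part] === null) node[part] = {};
    node = node[part]; // a "__proto__" segment resolves to Object.prototype
  }
  node[parts[parts.length - 1]] = value;
}

// Hardened form: reject prototype-related segments and only descend into
// properties the object owns itself.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

function setKeySafe(target, dottedKey, value) {
  const parts = dottedKey.split('.');
  if (parts.some((p) => BLOCKED.has(p))) return false;
  let node = target;
  for (const part of parts.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, part);
    if (!own || typeof node[part] !== 'object' || node[part] === null) {
      node[part] = {};
    }
    node = node[part];
  }
  node[parts[parts.length - 1]] = value;
  return true;
}

// True when a brand-new object inherits `prop`, i.e. Object.prototype changed.
function isPolluted(prop) {
  return prop in {};
}

function demo() {
  const key = '__proto__.constructedFlag'; // constructed sample option name
  const out = {};
  setKeyUnsafe({}, key, true);
  out.unsafePolluted = isPolluted('constructedFlag');
  delete Object.prototype.constructedFlag; // clean up before the safe run
  out.safeAccepted = setKeySafe({}, key, true);
  out.safePolluted = isPolluted('constructedFlag');
  const argv = {};
  setKeySafe(argv, 'server.port', 8080); // ordinary dotted keys still work
  out.port = argv.server.port;
  return out;
}
```
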
Created nodejs-yargs-parser tracking bugs for this issue: Affects: fedora-all [bug 1840005]
Patch: https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-7608
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7; Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS; Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS. Via RHSA-2021:0521 https://access.redhat.com/errata/RHSA-2021:0521
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0548 https://access.redhat.com/errata/RHSA-2021:0548
This issue has been addressed in the following products: Red Hat OpenShift Container Storage 4.7.0 on RHEL-8 Via RHSA-2021:2041 https://access.redhat.com/errata/RHSA-2021:2041
This issue has been addressed in the following products: Red Hat Quay 3 Via RHSA-2021:3917 https://access.redhat.com/errata/RHSA-2021:3917