GHSA-vh95-rmgr-6w4m
MODERATE
Prototype Pollution in minimist
Published: April 3, 2020
Updated: January 14, 2025
Source: osv
Details
Affected versions of `minimist` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, adding a new property or modifying an existing one so that it exists on all objects.
Parsing the argument `--__proto__.y=Polluted` adds a `y` property with value `Polluted` to all objects. The argument `--__proto__=Polluted` raises an uncaught error and crashes the application.
This is exploitable if attackers have control over the arguments being passed to `minimist`.
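As an added illustration of the defensive side (this is example code, not code from the advisory or from `minimist` itself): a minimal dotted-key argument setter that refuses the `__proto__`, `constructor` and `prototype` path segments and writes into a null-prototype object, together with a check that `Object.prototype` is unchanged after a parse. The function names and the sample argument vectors are constructed for this example.

```javascript
// Added example (not minimist's own code): a dotted-key argument setter that
// refuses the keys prototype pollution relies on, plus a check that verifies
// Object.prototype was not modified by a parse.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isBlockedKey(key) {
  return BLOCKED_KEYS.has(key);
}

// Assign value at a dotted path (e.g. "db.host") inside target, skipping any
// path whose segments include a blocked key. Returns true if assigned.
function setPath(target, path, value) {
  const parts = path.split('.');
  if (parts.some(isBlockedKey)) return false;
  let obj = target;
  for (let i = 0; i < parts.length - 1; i++) {
    const key = parts[i];
    // Only descend into own plain-object properties; never walk inherited ones.
    if (!Object.prototype.hasOwnProperty.call(obj, key) ||
        typeof obj[key] !== 'object' || obj[key] === null) {
      obj[key] = {};
    }
    obj = obj[key];
  }
  obj[parts[parts.length - 1]] = value;
  return true;
}

// Parse "--key=value" and bare "--flag" arguments into a null-prototype object,
// so that even a key that slipped past the filter could not reach Object.prototype.
// Returns the parsed object and the list of arguments that were rejected.
function parseArgs(argv) {
  const result = Object.create(null);
  const rejected = [];
  for (const arg of argv) {
    if (!arg.startsWith('--')) continue;
    const eq = arg.indexOf('=');
    const key = eq === -1 ? arg.slice(2) : arg.slice(2, eq);
    const value = eq === -1 ? true : arg.slice(eq + 1);
    if (!setPath(result, key, value)) rejected.push(arg);
  }
  return { result, rejected };
}

// Detection helper for a test suite: Object.prototype normally has no own
// enumerable properties, so any key here means something polluted it.
function prototypeIsClean() {
  return Object.keys(Object.prototype).length === 0;
}

// Constructed sample input mirroring the payload named in the advisory.
const SAMPLE_ARGV = ['--__proto__.y=Polluted', '--name=app', '--db.host=localhost', '--verbose'];
const parsed = parseArgs(SAMPLE_ARGV);
console.log('rejected:', parsed.rejected);           // ['--__proto__.y=Polluted']
console.log('prototype clean:', prototypeIsClean()); // true
```

The two defences are independent: the key filter stops the dotted path before any assignment, and the null-prototype result object means a direct `__proto__` write would create an ordinary own property rather than changing the inheritance chain. A test suite can call `prototypeIsClean()` after parsing untrusted input to catch regressions in whichever parser is actually in use.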
## Recommendation
Upgrade to versions 0.2.1, 1.2.3 or later.
Remediation
Upgrade to the fixed version using your package manager.
npm
Update minimist to 1.2.3 or later:
npm install minimist@1.2.3
npm
Update minimist to 0.2.1 or later:
npm install minimist@0.2.1
After upgrading, run your dependency scanner again to confirm the vulnerability is resolved.
Affected Packages (2)
Vulnerability Classification
Common Weakness Enumeration (CWE) identifiers for this vulnerability type.
- CWE-1321: Prototype Pollution (MITRE)
CVSS Score Breakdown
What the CVSS (Common Vulnerability Scoring System) 3.1 score means for each attack dimension.
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-7598 (ADVISORY)
- https://github.com/minimistjs/minimist/commit/10bd4cdf49d9686d48214be9d579a9cdfda37c68 (WEB)
- https://github.com/minimistjs/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab (WEB)
- https://github.com/minimistjs/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95 (WEB)
- https://github.com/minimistjs/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94 (WEB)
- https://github.com/substack/minimist (PACKAGE)
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 (WEB)
- https://www.npmjs.com/advisories/1179 (WEB)
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html (WEB)
Risk Assessment
CVSS Score
3.1
Exploitation is difficult or impact is minor. Address in your next planned update.
EPSS Score (30-day exploit probability)
0.25%
Higher than 48% of vulnerabilities
Also Known As