shvl vulnerable to prototype pollution

Severity:: High

Description

Prototype pollution vulnerability in ‘shvl’ versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.

Recommendation

Update the shvl package to the latest compatible version. Followings are version details:

Affected version(s): >= 1.0.0, <= 2.0.1
Patched version(s): 2.0.2

References

GHSA-pqwc-3vhw-qcvq
web.archive.org
CVE-2020-28278
CWE-1321
CAPEC-310
OWASP 2021-A6

Related Issues

TypeORM vulnerable to MAID and Prototype Pollution - CVE-2020-8158
yargs-parser Vulnerable to Prototype Pollution - CVE-2020-7608
parse is vulnerable to prototype pollution - CVE-2025-57324
Elysia vulnerable to prototype pollution with multiple standalone schema validation - CVE-2025-66456

Tags:: npm; shvl

Anything's wrong? Let us know Last updated on February 01, 2024