GHSA-65rp-mhqf-8gj3: rangy vulnerable to Prototype Pollution
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js. The function uses a recursive merge, which can allow an attacker to modify properties of Object.prototype.
High severity GitHub Reviewed Published Feb 24, 2023 to the GitHub Advisory Database • Updated Feb 24, 2023
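How a recursive merge of the kind the advisory describes can reach Object.prototype, shown next to a hardened merge. This is an added example, not rangy's extend() or any code from the project; unsafeMerge, safeMerge, demo and the pollutedFlag input are hypothetical names constructed for illustration.

```javascript
// Added illustration only: NOT rangy's source. All names here are hypothetical.
const isPlain = (v) => v !== null && typeof v === "object" && !Array.isArray(v);

// Unsafe pattern: recursive merge that follows every key, including "__proto__".
function unsafeMerge(target, source) {
  for (const key in source) {
    if (isPlain(source[key])) {
      if (!isPlain(target[key])) target[key] = {};
      // target["__proto__"] resolves to Object.prototype, so the recursion writes into it.
      unsafeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened pattern: own keys only, prototype-reaching keys skipped,
// and recursion only into objects the target itself owns.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    if (isPlain(source[key])) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlain(target[key])) target[key] = {};
      safeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Merge a constructed untrusted input, then check whether a fresh object inherited the flag.
function demo(mergeFn) {
  const input = JSON.parse('{"__proto__": {"pollutedFlag": true}, "opts": {"a": 1}}');
  const merged = mergeFn({}, input);
  const polluted = ({}).pollutedFlag === true;
  delete Object.prototype.pollutedFlag; // restore the global prototype
  return { polluted, a: merged.opts.a };
}

console.log("unsafeMerge:", demo(unsafeMerge));
console.log("safeMerge:  ", demo(safeMerge));
```

The same check in demo (does a freshly created object carry a property nobody set on it?) works as a regression test for any merge or extend helper that accepts untrusted objects.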
Related news
CVE-2023-26102: Prototype pollution in function extend in the file rangy-core.js · Issue #478 · timdown/rangy
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype.