Описание
rangy vulnerable to Prototype Pollution
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype.
Пакеты
Наименование
rangy
npm
Затронутые версииВерсия исправления
<= 1.3.1
Отсутствует
Связанные уязвимости
CVSS3: 7.5
nvd
почти 3 года назад
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype