Description
Prototype Pollution in fullpage.js
fullPage exposes its utility functions to developers through window.fp_utils, and developers can use these utilities for their own purposes outside of fullPage as well. However, one of these utilities, deepExtend, is vulnerable to Prototype Pollution.
JavaScript is a prototype-based language: when a new object is created, it carries the predefined properties and methods of the "object" type with it, such as toString and constructor. By exploiting a prototype pollution vulnerability, an attacker can overwrite or create properties on that "object" type. If the victim developer has used that property anywhere in the code, the effect on the application can be severe.
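The pattern described above, shown as an added example that is not fullPage.js's own deepExtend source: naiveDeepExtend and safeDeepExtend are hypothetical generic recursive merges, and the JSON input is constructed. The first lets a "__proto__" key reach Object.prototype; the second skips such keys and only recurses into properties the target owns.

```javascript
// Added illustration: a generic recursive merge, not fullPage.js's own source.
const isObject = (v) => v !== null && typeof v === 'object';

// Vulnerable pattern: follows every key in `source`, including "__proto__".
function naiveDeepExtend(target, source) {
  for (const key in source) {
    if (isObject(source[key])) {
      if (!isObject(target[key])) target[key] = {};
      // For key "__proto__", target[key] is Object.prototype itself.
      naiveDeepExtend(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened pattern: own keys only, prototype-reaching keys skipped,
// and recursion only into objects the target owns itself.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function safeDeepExtend(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isObject(value) && !Array.isArray(value)) {
      if (!hasOwn(target, key) || !isObject(target[key])) target[key] = {};
      safeDeepExtend(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Merge a constructed JSON document, then read the property from an unrelated object.
function demo(merge) {
  const input = JSON.parse('{"theme":{"dark":true},"__proto__":{"polluted":"yes"}}');
  const merged = merge({}, input);
  const leaked = ({}).polluted; // undefined unless Object.prototype was modified
  delete Object.prototype.polluted; // restore global state after the demonstration
  return { merged, leaked };
}

console.log('naive:', demo(naiveDeepExtend).leaked);
console.log('safe: ', demo(safeDeepExtend).leaked);
```

Freezing Object.prototype or merging into objects created with Object.create(null) are complementary defenses when the merge helper itself cannot be replaced.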
Packages
fullpage.js
Affected versions: < 4.0.2
Fixed version: 4.0.2
Related vulnerabilities
Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2.