CVE-2023-26102

HIGH Year: 2023
CVSS v3 Score
8.2
High
Weakness Type
CWE-1321
View all →

Vulnerability Description

All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype

Related Vulnerabilities

CVE-2023-26158

HIGH
CVSS:8.2(High)

All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying att...

CWE-13212023

CVE-2023-28103

HIGH
CVSS:8.2(High)

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the...

CWE-13212023

CVE-2023-28427

HIGH
CVSS:8.2(High)

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-j...

CWE-13212023

CVE-2024-21489

HIGH
CVSS:8.2(High)

Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype.

CWE-13212024

CVE-2024-21512

HIGH
CVSS:8.2(High)

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.

CWE-13212024

CVE-2024-21529

HIGH
CVSS:8.2(High)

Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious o...

CWE-13212024