2 matches found
CVE-2026-16150
The CVE affects RobinHerbots Inputmask (versions up to 5.0.9). The vulnerability arises in the Internal Deep Merge Helper’s extendDefaults/extendDefinitions/extendAliases in lib/dependencyLibs/extend.js, causing improperly controlled modification of object prototype attributes (prototype pollutio...
CVE-2026-16150 RobinHerbots Inputmask Internal Deep Merge Helper extend.js extendAliases prototype pollution
A vulnerability was found in RobinHerbots Inputmask up to 5.0.9. Affected by this issue is the function extendDefaults/extendDefinitions/extendAliases in the library lib/dependencyLibs/extend.js of the component Internal Deep Merge Helper. The manipulation results in improperly controlled...