CVE-2026-27212

CVE-2026-27212 affects the npm package swiper (versions 6.5.1 through 12.1.1). The vulnerability is a prototype pollution in shared/utils.mjs where indexOf() checks input against forbidden strings; crafted input can pollute Object.prototype via Array.prototype, despite a prior mitigation. This ca...

Swiper 安全漏洞

Swiper is a free mobile touch slider developed by Vladimir Kharlampidi. It is designed for mobile websites, mobile web applications, and native mobile applications. Versions of Swiper from 6.5.1 to 12.1.1 contain security vulnerabilities. These vulnerabilities stem from prototype pollution, which...

Prototype pollution in swiper

Summary A prototype pollution vulnerability exists in the the npm package swiper =6.5.1, -1; let obj = ; var maliciouspayload = '"proto":"polluted":"yes"'; console.log.polluted; swiper.default.extendDefaultsJSON.parsemaliciouspayload; console.log.polluted; // prints yes - indicating that the patc...

GHSA-HMX5-QPQ5-P643 Prototype pollution in swiper

Summary A prototype pollution vulnerability exists in the the npm package swiper =6.5.1, -1; let obj = ; var maliciouspayload = '"proto":"polluted":"yes"'; console.log.polluted; swiper.default.extendDefaultsJSON.parsemaliciouspayload; console.log.polluted; // prints yes - indicating that the patc...