GHSA-3JP5-5F8R-Q2WG Vuetify has a Prototype Pollution vulnerability

The Preset configuration feature of Vuetify is vulnerable to Prototype Pollution due to the internal 'mergeDeep' utility function used to merge options with defaults. Using a specially-crafted, malicious preset can result in polluting all JavaScript objects with arbitrary properties, which can...

PT-2022-17580 · Vuetify · Vuetify

Name of the Vulnerable Software and Affected Versions: vuetify versions 2.0.0-beta.4 through 2.6.10 Description: The issue is related to Cross-site Scripting XSS due to improper input sanitization in the eventName function within the VCalendar component. This allows for potential malicious script...