15 matches found
EUVD-2023-0637
Malicious code in bioql PyPI...
CVE-2023-26102
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...
Prototype Pollution
rangy is vulnerable to Prototype Pollution. The vulnerability exists in the extend function of rangy-core.js, due to the usage of a recursive merge which allows an attacker to modify Object.prototype properties, resulting in Prototype Pollution...
GHSA-65RP-MHQF-8GJ3 rangy vulnerable to Prototype Pollution
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...
rangy vulnerable to Prototype Pollution
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...
rk-editor (=2.2.11) potentially affected by CVE-2023-26102 via rangy (=1.3.1)
rangy NPM version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on rangy and may be impacted: rk-editor =2.2.11. Source CVEs: CVE-2023-26102. Source advisory: OSV:GHSA-65RP-MHQF-8GJ3...
CVE-2023-26102
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...
CVE-2023-26102
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...
Buffer overflow
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...
CVE-2023-26102
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...
CVE-2023-26102
CVE-2023-26102 affects the rangy package, where all versions are vulnerable to a prototype pollution flaw in the extend() function of rangy-core.js. The vulnerability arises from an unsafe recursive merge that can copy attacker-controlled properties onto Object.prototype, enabling pollution of al...
CVE-2023-26102
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...
rangy security vulnerability
rangy is a cross-browser JavaScript selection library. A security vulnerability exists in timdown rangy that stems from the presence of a prototype contamination vulnerability...
Prototype Pollution
Overview: rangy is a cross-browser DOM range and selection library. Affected versions of this package are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototy...
rk-editor (=2.2.11) potentially affected by CVE-2023-26102 via rangy (=1.3.1)
rangy NPM version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on rangy and may be impacted: rk-editor =2.2.11. Source CVEs: CVE-2023-26102. Source advisory: SNYK:JS-RANGY-3175702...