CVE-2020-26237
Highlight.js vulnerability CVE-2020-26237: Prototype Pollution in versions before 9.18.2 and 10.1.2 (and older); a malicious HTML block could pollute Object.prototype during highlighting. Upstream fixes exist in 9.18.2+, 10.1.2+, and newer. Debian/OSS advisories also reference updates; remediatio...