CVE-2023-26102
CVE-2023-26102 affects the rangy package, where all versions are vulnerable to a prototype pollution flaw in the extend() function of rangy-core.js. The vulnerability arises from an unsafe recursive merge that can copy attacker-controlled properties onto Object.prototype, enabling pollution of al...