EPSS
Percentile
45.0%
gsap is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype.
__proto__
constructor
prototype
github.com/advisories/GHSA-6g8v-hpgw-h2v7
github.com/greensock/GSAP/blob/master/src/gsap-core.js%23L147
github.com/greensock/GSAP/commit/e066b1f826f53b9c7253ecdd2f52fcb751ba9cb5
www.npmjs.com/advisories/1608