litespeed.js is vulnerable to prototype pollution. The vulnerability exists due to a lack of sanitization for the key
value in the state.js
file which allows an attacker to inject properties into existing construct prototypes and modify attributes.
github.com/advisories/GHSA-v9p9-535w-4285
github.com/appwrite/appwrite/pull/2778
github.com/appwrite/appwrite/releases/tag/0.11.1
github.com/appwrite/appwrite/releases/tag/0.12.2
github.com/litespeed-js/litespeed.js/commit/7454938a115316ae2be69e4d01d734b08153379b
github.com/litespeed-js/litespeed.js/pull/18