gh-pages is vulnerable to prototype pollution. The vulnerability exists because of lack of validations in partial
variable in util.js
which allows an attacker to inject malicious characteristics to add new values to a javascript application object prototype,overwriting or contaminating the base object.