rangy is vulnerable to Prototype Pollution. The vulnerability exists in the extend
function of rangy-core.js
, due to the usage of a recursive merge which allows an attacker to modify Object.prototype
properties, resulting in Prototype Pollution.