0.002 Low
EPSS
Percentile
54.1%
vconsole is vulnerable to Prototype Pollution. An attacker can inject properties into existing prototypes via the setOption function of core.ts and modify the __proto__ attribute in the keyOrObj parameter.
setOption
core.ts
__proto__
keyOrObj
cwe.mitre.org/data/definitions/1321.html
github.com/advisories/GHSA-f737-3fh6-jf6w
github.com/Tencent/vConsole/blob/346ae6404c0881a9e18c904a63424df356da801e/src/core/core.ts#L519-L542
github.com/Tencent/vConsole/issues/616