Vulnerability Details CVE-2023-26102
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.8%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2023-26102
-
cpe:2.3:a:rangy_project:rangy:-