Description
Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6, allows remote attackers to execute arbitrary code via hello.utils.extend function.
Remediation
References
https://github.com/MrSwitch/hello.js/issues/634
Related Vulnerabilities
CVE-2022-43183 Vulnerability in maven package com.xuxueli:xxl-job
CVE-2023-33544 Vulnerability in maven package io.hawt:hawtio-system
CVE-2021-3597 Vulnerability in maven package io.undertow:undertow-core
CVE-2022-28355 Vulnerability in maven package org.scala-js:scalajs-library_2.12
CVE-2023-29202 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rendering-macro-rss