Description
Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6, allows remote attackers to execute arbitrary code via hello.utils.extend function.
Remediation
References
https://github.com/MrSwitch/hello.js/issues/634
Related Vulnerabilities
CVE-2018-16487 Vulnerability in maven package org.webjars.npm:lodash.merge
CVE-2019-1010266 Vulnerability in maven package org.webjars:lodash
CVE-2017-16129 Vulnerability in maven package org.webjars.npm:superagent
CVE-2022-0639 Vulnerability in npm package url-parse
CVE-2023-39010 Vulnerability in maven package org.boofcv:boofcv-core