Description
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype
Remediation
References
https://github.com/timdown/rangy/issues/478
https://security.snyk.io/vuln/SNYK-JS-RANGY-3175702
Related Vulnerabilities
CVE-2022-24847 Vulnerability in maven package org.geoserver.community:gs-taskmanager-core
CVE-2021-21636 Vulnerability in maven package org.jenkins-ci.plugins:tfs
CVE-2022-29214 Vulnerability in npm package next-auth
CVE-2020-28500 Vulnerability in maven package org.webjars.bowergithub.lodash:lodash
CVE-2020-7760 Vulnerability in maven package org.webjars.bowergithub.components:codemirror