Description
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype
Remediation
References
https://github.com/timdown/rangy/issues/478
https://security.snyk.io/vuln/SNYK-JS-RANGY-3175702
Related Vulnerabilities
CVE-2023-24620 Vulnerability in maven package com.esotericsoftware.yamlbeans:yamlbeans
CVE-2020-7691 Vulnerability in maven package org.webjars.npm:jspdf
CVE-2021-43116 Vulnerability in maven package com.alibaba.nacos:nacos-client
CVE-2022-35917 Vulnerability in npm package @solana/pay
CVE-2016-10707 Vulnerability in maven package org.webjars.bower:jquery