Description
Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js.
Recommendation
Update the collection.js package to the latest compatible version. Version details:
- Affected version(s): < 6.8.1
- Patched version(s): 6.8.1
References
Related Issues
- rangy vulnerable to Prototype Pollution - CVE-2023-26102
- underscore-keypath vulnerable to Prototype Pollution - CVE-2023-26139
- fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name - CVE-2023-26920
- mockjs vulnerable to Prototype Pollution via the Util.extend function - CVE-2023-26158
- Tags:
- npm
- collection.js
Last updated on November 29, 2023