Description
A prototype pollution vulnerability in MrSwitch hello.js prior to version 1.18.8 allows remote attackers to execute arbitrary code via the hello.utils.extend function.
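The class of bug described above, shown as an added example that is not hello.js source code: a recursive extend that copies every key from parsed JSON, next to a hardened form that skips prototype-reaching keys. The function names (unsafeExtend, safeExtend, demo) and the sample JSON are assumptions constructed for illustration.

```javascript
// Added illustration, not hello.js source. All names here are hypothetical.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isObj = (v) => v !== null && typeof v === 'object';

// Unsafe pattern: recurses into whatever target[key] resolves to. For the key
// "__proto__" that is Object.prototype, so the copy lands on every object.
function unsafeExtend(target, source) {
  for (const key in source) {
    if (isObj(source[key])) {
      if (!isObj(target[key])) target[key] = {};
      unsafeExtend(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened pattern: own keys only, prototype-reaching keys skipped, and
// recursion only into objects the target owns (never inherited ones).
function safeExtend(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    if (isObj(source[key])) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isObj(target[key])) target[key] = {};
      safeExtend(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Merges constructed untrusted JSON, reports whether a fresh object inherited
// the injected property, then removes the property again.
function demo(extendFn) {
  const untrusted = JSON.parse('{"name":"x","opts":{"__proto__":{"polluted":true}}}');
  const merged = extendFn({}, untrusted);
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted;
  return { leaked, name: merged.name };
}

console.log('unsafe:', demo(unsafeExtend));
console.log('safe:  ', demo(safeExtend));
```

The same `({}).polluted` probe works as a regression test after upgrading a dependency that merges untrusted input.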
Recommendation
Update the hellojs package to the latest compatible version. Version details:
- Affected version(s): < 1.18.8
- Patched version(s): 1.18.8
References
Related Issues
- Baobab vulnerable to Prototype Pollution - CVE-2021-4307
- npm package rfc6902 vulnerable to Prototype Pollution - CVE-2021-4245
- dustjs-linkedin vulnerable to Prototype Pollution - CVE-2021-4264
- Prototype Pollution in litespeed.js and appwrite/server-ce - CVE-2021-23682
Tags
- npm
- hellojs
Last updated on November 09, 2023