Description
fullPage utils are available to developers using window.fp_utils. They can use these utils for their own use-case (other than fullPage) as well. However, one of the utils deepExtend is vulnerable to Prototype Pollution vulnerability.
Recommendation
Update the fullpage.js package to the latest compatible version. Followings are version details:
- Affected version(s): < 4.0.2
- Patched version(s): 4.0.2
References
Related Issues
- Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers - CVE-2022-41878
- Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks - CVE-2022-41879
- Grunt-karma vulnerable to prototype pollution - CVE-2022-37602
- Remote code execution via MongoDB BSON parser through prototype pollution - CVE-2022-39396
You might also like:
- Tags:
- npm
- fullpage.js
Anything's wrong? Let us know Last updated on January 27, 2023


