
Fix Prototype Pollution vulnerability (CVE-2023-26102) [security]

Open JordiVM opened this issue 2 years ago • 3 comments

fixes #481

Rangy was flagged with a Prototype Pollution vulnerability at the end of 2022. This PR proposes a solution by skipping the problematic object attributes in rangy.util.extend().

JordiVM avatar Apr 06 '23 06:04 JordiVM
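An added example, not code from this PR or from Rangy, of the kind of fix the description above names: a recursive extend that skips keys reaching the prototype chain, next to the unguarded shape. The function names, the blocked-key list and the constructed JSON input are assumptions made for illustration.

```javascript
// Added illustration; names and the blocked-key list are assumptions, not Rangy's code.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

const isObj = (v) => v !== null && typeof v === "object";

// "Before" shape: a recursive merge that follows every own key of the source.
function naiveExtend(target, source, deep) {
  for (const key in source) {
    if (!Object.prototype.hasOwnProperty.call(source, key)) continue;
    if (deep && isObj(target[key]) && isObj(source[key])) {
      // target["__proto__"] resolves to Object.prototype, so this recursion
      // writes attacker-chosen properties onto every object in the process.
      naiveExtend(target[key], source[key], true);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// "After" shape: same merge, but keys that reach the prototype chain are skipped.
function safeExtend(target, source, deep) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    if (deep && isObj(target[key]) && isObj(source[key])) {
      safeExtend(target[key], source[key], true);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Regression check: merge a constructed JSON document and report whether a
// fresh, unrelated object inherited the marker property.
function pollutes(extendFn) {
  // JSON.parse creates "__proto__" as an ordinary own property.
  const input = JSON.parse('{"__proto__": {"marker": "set"}, "opts": {"a": 1}}');
  try {
    extendFn({ opts: { b: 2 } }, input, true);
    return ({}).marker === "set";
  } finally {
    delete Object.prototype.marker; // leave the runtime clean
  }
}

console.log("naive:", pollutes(naiveExtend), "hardened:", pollutes(safeExtend));
```

The `pollutes` helper doubles as a regression test for any deep-merge utility: pass it the function under review and fail the build if it returns `true`.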

@timdown feel free to add me as maintainer here and on npm if you don't have the time to maintain this module. Then we can at least get the security issues fixed.

marcbachmann avatar Apr 13 '23 08:04 marcbachmann

suggestion:

People aware of this vulnerability can patch it themselves for now, until a fix has been merged.

antonh-ne avatar Aug 23 '23 12:08 antonh-ne

@timdown, please, merge the fix and accept new maintainers.

Talendar avatar Aug 28 '24 17:08 Talendar