timdown/rangy

Releases26

Frequency6 months 3 weeks

Last Release over 1 year ago

Stars2.3K

A cross-browser JavaScript range and selection library.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-26102 ↗	Feb 24, 2023Friday, 24 February 2023, 05:15	7.5 HIGH	—
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype