Joshua Sheridan

**Name of the Vulnerable Software and Affected Versions** higuma web-audio-recorder-js versions 0.1 and 0.1.1 **Description** A flaw exists in the `extend` function within the `lib/WebAudioRecorder.js` library, specifically in the Dynamic Config Handling component. This allows for improper modification of object prototype attributes. The issue is remotely exploitable, but requires a high level of complexity to successfully execute. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Update to a newer version of higuma web-audio-recorder-js that addresses this issue. As a temporary workaround, consider avoiding the use of the `extend` function within the `lib/WebAudioRecorder.js` library.