PT-2023-20489 · Rangy · Rangy
Peng Zhou +1 · Published 2023-02-24 · Updated 2025-03-11 · CVE-2023-26102
CVSS v3.1: 8.2 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |
Name of the Vulnerable Software and Affected Versions
rangy: all versions
Description
The rangy package is affected by Prototype Pollution. The extend() function in rangy-core.js performs a recursive merge, which can allow an attacker to modify properties of Object.prototype.
Recommendations
For all versions, consider disabling the extend() function in rangy-core.js as a temporary workaround until a patch is available. Restrict access to the rangy-core.js file to minimize the risk of exploitation. Avoid using the extend() function in the affected file until the issue is resolved.
Exploit
Fix
Prototype Pollution
Weakness Enumeration
Related Identifiers
Affected Products
Rangy