Bob Wombat Hogg

**Name of the Vulnerable Software and Affected Versions** @braintree/sanitize-url versions prior to 6.0.0 **Description** The issue is related to Cross-site Scripting (XSS) due to improper sanitization in the `sanitizeUrl` function. This allows for potential XSS attacks. **Recommendations** For versions prior to 6.0.0, update to version 6.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the `sanitizeUrl` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** extend2 versions prior to 1.0.1 **Description** The issue concerns Prototype Pollution via the `extend` function due to an unsafe recursive merge. This allows for potential manipulation of the prototype, which can lead to various security issues. **Recommendations** For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `extend` function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** mootools (affected versions not specified) **Description** The issue arises from the ability to pass untrusted input to `Object.merge()`. This allows for potential exploitation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.