PT-2022-13783 · Unknown · Fullpage.Js

Published: 2022-04-11 · Updated: 2022-04-15 · CVE-2022-1295

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

fullpage.js versions prior to 4.0.2

Description

The issue is a Prototype Pollution vulnerability in the fullpage.js GitHub repository. It affects the deepExtend utility, which is part of the fullPage utils available to developers via window.fp_utils. The deepExtend utility allows an attacker to overwrite or create properties on object prototypes. This can have severe effects on the application if the victim developer has used the overwritten property elsewhere in the code.

Recommendations

For versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the deepExtend utility until a patch is applied.
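
The unsafe recursive-merge pattern described above, shown beside a hardened form, with a regression check that can be pointed at any merge helper. This is an added example, not fullpage.js source or its 4.0.2 patch; naiveDeepExtend, safeDeepExtend, pollutesPrototype and the marker key are hypothetical names, and the input is constructed.

```javascript
// Added example, not fullpage.js code: hypothetical stand-ins for a recursive merge helper.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Unsafe pattern: recurses into whatever target[key] resolves to, so an own
// "__proto__" key in the source makes the merge write into Object.prototype.
function naiveDeepExtend(target, source) {
  for (const key in source) {
    if (isPlainObject(source[key])) {
      if (!isPlainObject(target[key])) target[key] = {};
      naiveDeepExtend(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened form: own keys only, prototype-related keys skipped, and recursion
// only into values that are own properties of the target.
function safeDeepExtend(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
      target[key] = safeDeepExtend(isPlainObject(own) ? own : {}, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Regression check: merge constructed untrusted JSON into a fresh object and
// report whether an unrelated empty object inherits the marker afterwards.
function pollutesPrototype(mergeFn) {
  const marker = '__pp_check_marker__'; // hypothetical marker name
  const untrusted = JSON.parse(`{"__proto__": {"${marker}": true}}`); // constructed input
  try {
    mergeFn({}, untrusted);
    return ({})[marker] === true;
  } finally {
    delete Object.prototype[marker]; // always restore the global prototype
  }
}

console.log('naive:', pollutesPrototype(naiveDeepExtend), 'safe:', pollutesPrototype(safeDeepExtend));
```

The same check can be run in a test suite against the merge helper an application actually ships, before and after upgrading.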

Exploit

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2022-1295
GHSA-VPGW-FFH3-648H

Affected Products

Fullpage.Js