PT-2022-24925 · Winter · Winter

Published: 2022-10-26 · Updated: 2022-10-28

CVE-2022-39357

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Winter versions 1.1.8 through 1.2.0

Description: The Snowboard framework in Winter is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. This issue has been patched in versions 1.1.10 and 1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts.

Recommendations: For versions 1.1.8 through 1.1.9, update to version 1.1.10 to resolve the issue. For version 1.2.0, update to version 1.2.1 to resolve the issue. As a temporary workaround, consider implementing a content security policy and auditing scripts to minimize the risk of exploitation.

Exploit · Fix · Prototype Pollution


Weakness Enumeration

Related Identifiers: CVE-2022-39357, GHSA-3FH5-Q6FG-W28Q

Affected Products: Winter