timdown / rangy

A cross-browser JavaScript range and selection library.
MIT License
2.24k stars, 368 forks

Fix Prototype Pollution vulnerability (CVE-2023-26102) [security] #482

Open JordiVM opened 1 year ago

JordiVM commented 1 year ago

fixes #481

Rangy was flagged with a Prototype Pollution vulnerability at the end of 2022. This PR proposes a solution by skipping the problematic object attributes in rangy.util.extend().
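As an added illustration (not code from this PR or from rangy itself) of the fix the PR describes, the block below shows a minimal deep merge in the spirit of a `extend(target, source, deep)` helper, first unguarded and then with the prototype-related keys skipped. The function names, the `deep` flag, the `UNSAFE_KEYS` list and the sample payload are all assumptions made for this example; the payload is constructed to show what happens when attacker-controlled JSON reaches an unguarded merge.

```javascript
// Added example (not rangy's own code). Names and signatures are assumptions.

// Keys that let a merge walk into, or replace, the prototype chain.
const UNSAFE_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Unguarded deep merge: the pattern that allows prototype pollution.
// With key "__proto__", target[key] resolves to Object.prototype via the
// inherited getter, so the recursion writes into the shared prototype.
function extendUnsafe(target, source, deep) {
  for (const key in source) {
    if (!Object.prototype.hasOwnProperty.call(source, key)) continue;
    const current = target[key];
    const incoming = source[key];
    if (deep && isPlainObject(current) && isPlainObject(incoming)) {
      extendUnsafe(current, incoming, true);
    } else {
      target[key] = incoming;
    }
  }
  return target;
}

// Guarded deep merge: the fix is to never copy prototype-related keys.
function extendSafe(target, source, deep) {
  for (const key in source) {
    if (!Object.prototype.hasOwnProperty.call(source, key)) continue;
    if (UNSAFE_KEYS.has(key)) continue; // skip __proto__, constructor, prototype
    const current = target[key];
    const incoming = source[key];
    if (deep && isPlainObject(current) && isPlainObject(incoming)) {
      extendSafe(current, incoming, true);
    } else {
      target[key] = incoming;
    }
  }
  return target;
}

// Constructed sample: JSON.parse creates an OWN property literally named
// "__proto__", which is exactly what an unguarded merge mishandles.
const SAMPLE_PAYLOAD = JSON.parse('{"__proto__": {"polluted": true}, "name": "x"}');

// Merge the sample into an empty config with the given extend function, then
// check whether an unrelated fresh object inherited the marker. Cleans up the
// shared prototype afterwards so one run cannot influence the next.
function mergeAndProbe(extendFn) {
  const config = {};
  extendFn(config, SAMPLE_PAYLOAD, true);
  const probe = {};
  const leaked = probe.polluted === true;
  const protoIntact = Object.getPrototypeOf(config) === Object.prototype;
  delete Object.prototype.polluted;
  return { leaked, protoIntact, ownName: config.name };
}

// Stand-alone run: the unguarded merge leaks, the guarded one does not.
console.log("unsafe:", mergeAndProbe(extendUnsafe));
console.log("safe:  ", mergeAndProbe(extendSafe));
```

The probe object is the detection step a maintainer can reuse in a regression test: after merging untrusted input, a brand-new `{}` must not carry any key the input supplied. Skipping the three keys is the minimal change; merging into a `Object.create(null)` target or rejecting non-plain sources are stricter alternatives with the same goal.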

marcbachmann commented 1 year ago

@timdown feel free to add me as maintainer here and on npm if you don't have the time to maintain this module. Then we can at least get the security issues fixed.

antonh-ne commented 1 year ago

suggestion:

People aware of this vulnerability can patch it themselves for now, until a fix has been merged.

Talendar commented 1 month ago

@timdown, please, merge the fix and accept new maintainers.