Open JordiVM opened 1 year ago
@timdown feel free to add me as maintainer here and on npm if you don't have the time to maintain this module. Then we can at least get the security issues fixed.
suggestion:
People aware of this vulnerability can patch it themselves for now, until a fix has been merged.
@timdown, please, merge the fix and accept new maintainers.
fixes #481
Rangy was flagged with a Prototype Pollution vulnerability at the end of 2022. This PR proposes a solution by skipping the problematic object attributes in rangy.util.extend().
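
The kind of guard the PR description refers to, skipping problematic keys during a recursive extend, shown as an added example that is neither Rangy's code nor the PR's patch. The `extend` signature, the `skipUnsafe` flag, the key list and the sample payload are assumptions made for illustration.

```javascript
// Added example, not Rangy's code. Key names that can lead a merge to a
// prototype object (assumed list; the PR's exact list is not shown on the page).
const UNSAFE_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isObject(v) {
  return v !== null && typeof v === "object";
}

// Recursive extend. With skipUnsafe=false it behaves like an unguarded merge,
// kept here only so the two behaviours can be compared side by side.
function extend(target, source, deep, skipUnsafe = true) {
  for (const key of Object.keys(source)) {
    if (skipUnsafe && UNSAFE_KEYS.has(key)) continue; // the guard
    const cur = target[key];
    const val = source[key];
    if (deep && isObject(cur) && isObject(val)) {
      // Unguarded, target["__proto__"] resolves to Object.prototype here,
      // so the recursion writes onto the shared prototype.
      extend(cur, val, true, skipUnsafe);
    } else {
      target[key] = val;
    }
  }
  return target;
}

function demo() {
  // Constructed input: JSON.parse makes "__proto__" an own, enumerable key.
  const payload = JSON.parse(
    '{"opts": {"tag": "span"}, "__proto__": {"polluted": "yes"}}'
  );

  extend({ opts: {} }, payload, true, false); // unguarded merge
  const unguarded = ({}).polluted;            // every object now inherits it
  delete Object.prototype.polluted;           // undo before the guarded run

  const merged = extend({ opts: { cls: "hl" } }, payload, true); // guarded merge
  return { unguarded, guarded: ({}).polluted, merged };
}
```

A regression test for a fix of this kind can assert exactly what `demo()` returns: ordinary keys still merge, and a fresh `{}` has no inherited `polluted` property afterwards.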