CVE-2023-26113

Collection.js vulnerable to Prototype Pollution in npm/collection.js

Identifiers

CVE-2023-26113, GHSA-47pj-q2vm-46xc

Package Slug

npm/collection.js

Vulnerability

Collection.js vulnerable to Prototype Pollution

Description

Versions of the package collection.js before 6.8.1 is vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js.

Affected Versions

All versions before 6.8.1

Solution

Upgrade to version 6.8.1 or above.

Last Modified

2023-03-22

source