CVE-2021-26505: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

August 11, 2023 (updated August 16, 2023)

Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6, allows remote attackers to execute arbitrary code via hello.utils.extend function.

References

github.com/MrSwitch/hello.js/issues/634
nvd.nist.gov/vuln/detail/CVE-2021-26505

Detect and mitigate CVE-2021-26505 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →