CVE-2023-26133: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend() in the file utils.js.
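As a mitigation sketch for merge helpers of this kind, the added example below (not code from progressbar.js or from this advisory) shows a recursive merge that refuses prototype-bearing keys and checks that a crafted object leaves Object.prototype untouched. The names safeExtend, isPlainObject and demo, and the sample input, are assumptions constructed for illustration.

```javascript
// Added example: hardened recursive merge (hypothetical, not progressbar.js code).
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Merges own enumerable keys of `source` into `destination`.
function safeExtend(destination, source, recursive = false) {
  const target =
    destination !== null && typeof destination === 'object' ? destination : {};
  if (!isPlainObject(source)) return target;
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue; // never descend into prototype-bearing keys
    const srcVal = source[key];
    // Only reuse a destination value that is an own property, not an inherited one.
    const hasOwn = Object.prototype.hasOwnProperty.call(target, key);
    const dstVal = hasOwn ? target[key] : undefined;
    if (recursive && isPlainObject(srcVal)) {
      target[key] = safeExtend(isPlainObject(dstVal) ? dstVal : {}, srcVal, true);
    } else {
      target[key] = srcVal;
    }
  }
  return target;
}

// Constructed input: JSON.parse creates an own "__proto__" key, which an
// unguarded recursive merge would follow into Object.prototype.
function demo() {
  const untrusted = JSON.parse(
    '{"__proto__":{"polluted":true},"style":{"color":"#333"}}'
  );
  const merged = safeExtend({ style: { width: '100%' } }, untrusted, true);
  return {
    merged,
    globalPolluted: Object.prototype.hasOwnProperty.call(Object.prototype, 'polluted'),
    leaked: ({}).polluted,
  };
}
```

The same check can run as a regression test in any code base that merges untrusted option objects, alongside removing or replacing the affected dependency.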
References
- github.com/kimmobrunfeldt/progressbar.js/blob/74536b9eeeaaf51144706d918ed5a0a679631d96/src/utils.js#L18
- github.com/kimmobrunfeldt/progressbar.js/blob/74536b9eeeaaf51144706d918ed5a0a679631d96/src/utils.js#L20
- nvd.nist.gov/vuln/detail/CVE-2023-26133
- security.snyk.io/vuln/SNYK-JS-PROGRESSBARJS-3184152