Strix
26.1K

CVE-2023-26102

HIGHCVSS 8.2/10EPSS 0.77%

Last modified

CVE-2023-26102 is a high-severity vulnerability rated 8.2/10 on the CVSS scale. All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype . EPSS estimates a 0.77% chance of exploitation in the next 30 days.

Description

All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype

Metrics

CVSS 3.1
8.2/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

EPSS Probability
0.77%

50.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Rangy ProjectRangyAll versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-26102?
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype
How severe is CVE-2023-26102?
CVE-2023-26102 has a CVSS score of 8.2/10 (HIGH severity). The EPSS model estimates a 0.77% probability of exploitation in the next 30 days.
How do I fix CVE-2023-26102?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-26102?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST