Prototype Pollution in internal `assign()` helper in Linkify allows remote attackers to execute arbitrary JavaScript (Stored or Reflected XSS) via injection of event handlers through unfiltered proto property. This issue affects Linkify version 4.3.1 and is fixed in 4.3.2.
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free