CVE-2021-26505 Information

Description

Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6 allows remote attackers to execute arbitrary code via hello.utils.extend function.

Reference

https://github.com/MrSwitch/hello.js/issues/634