Description
** DISPUTED ** Prototype poisoning in the function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise the integrity or availability of an application by supplying a crafted object (one that contains an own property "__proto__") as an argument to the function. NOTE: the vendor disputes this because the observed behavior only means that a user can create objects that the user didn't know would contain custom prototypes.
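The behavior described above, as an added example that is not Ramda's source code: `naiveMapObj` is a hypothetical, simplified stand-in for a map-over-object helper that copies keys by plain assignment, and `safeMapObj` is a hardened variant. The input object and the `injected` property are constructed for the demonstration.

```javascript
// Hypothetical stand-in for a map-over-object helper (not Ramda's code).
function naiveMapObj(fn, obj) {
  const out = {};
  for (const key of Object.keys(obj)) {
    // Plain assignment: for the key "__proto__" this triggers the inherited
    // __proto__ setter and replaces out's prototype instead of adding a property.
    out[key] = fn(obj[key], key, obj);
  }
  return out;
}

// Hardened variant: every key becomes an own data property.
function safeMapObj(fn, obj) {
  const out = {};
  for (const key of Object.keys(obj)) {
    Object.defineProperty(out, key, {
      value: fn(obj[key], key, obj),
      enumerable: true,
      writable: true,
      configurable: true,
    });
  }
  return out;
}

// Constructed input: JSON.parse stores "__proto__" as an own property.
const input = JSON.parse('{"name": "guest", "__proto__": {"injected": true}}');
const identity = (v) => v;

function demo() {
  const naive = naiveMapObj(identity, input);
  const safe = safeMapObj(identity, input);
  return {
    naiveInherited: naive.injected,          // inherited from the swapped prototype
    naiveOwnKeys: Object.keys(naive),        // "__proto__" key is lost
    naiveProtoIsDefault: Object.getPrototypeOf(naive) === Object.prototype,
    safeInherited: safe.injected,            // nothing inherited
    safeOwnKeys: Object.keys(safe),          // "__proto__" kept as ordinary data
    safeProtoIsDefault: Object.getPrototypeOf(safe) === Object.prototype,
    globalUntouched: ({}).injected === undefined,
  };
}

console.log(demo());
```

Only the returned object gets a custom prototype; `Object.prototype` itself is unchanged, which is the distinction the vendor's dispute rests on.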
Remediation
References