Primereact
Monthly
Prototype pollution in PrimeReact (all versions through 10.9.8) allows authenticated remote attackers to improperly modify JavaScript object prototype attributes via the ObjectUtils.mutateFieldData API function by crafting malicious Field argument values. Affected deployments face limited confidentiality and integrity exposure at the vulnerable system level. No patch has been issued - the maintainer has not responded to responsible disclosure, and the affected version range is officially end-of-life. No public exploit code or CISA KEV listing has been identified at time of analysis.
Prototype pollution in PrimeReact (all versions through 10.9.8) allows authenticated remote attackers to improperly modify JavaScript object prototype attributes via the ObjectUtils.mutateFieldData API function by crafting malicious Field argument values. Affected deployments face limited confidentiality and integrity exposure at the vulnerable system level. No patch has been issued - the maintainer has not responded to responsible disclosure, and the affected version range is officially end-of-life. No public exploit code or CISA KEV listing has been identified at time of analysis.