CVE-2020-26237HIGHCVSS 8.7fixed in 9.18.2·≥ 10.1.0, < 10.1.2+1 more2020-11-24
CVE-2020-26237 [HIGH] CWE-471 CVE-2020-26237: Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and
Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow users to insert custom HTML code blocks into your page/app v
cvelistv5nvd