{"source":1120607,"name":"js-cookie","dependency":"js-cookie","title":"JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection","url":"https://github.com/advisories/GHSA-qjx8-664m-686j","severity":"high","versions":["1.5.0","1.5.1","2.0.0-pre","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0-pre","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","3.0.0-beta.0","3.0.0-beta.1","3.0.0-beta.2","3.0.0-beta.3","3.0.0-beta.4","3.0.0-rc.0","3.0.0-rc.1","3.0.0-rc.2","3.0.0-rc.3","3.0.0-rc.4","3.0.0","3.0.1","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8"],"vulnerableVersions":["1.5.0","1.5.1","2.0.0-pre","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0-pre","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","3.0.0-beta.0","3.0.0-beta.1","3.0.0-beta.2","3.0.0-beta.3","3.0.0-beta.4","3.0.0-rc.0","3.0.0-rc.1","3.0.0-rc.2","3.0.0-rc.3","3.0.0-rc.4","3.0.0","3.0.1","3.0.2","3.0.3","3.0.4","3.0.5"],"cwe":["CWE-1321"],"cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},"range":"<=3.0.5","id":"rRntD9xGT1TuM/8r3rYVhoNTexV9krWAl3EoW6jboVAUPfIwU+qTHcPAD3t/XhvMJjOPTt+T+fPVvRnq5+IFFQ=="}