Vulnerability	Vulnerable Version
H Prototype Pollution linkifyjs is a Find URLs, email addresses, #hashtags and @mentions in plain-text strings, then convert them into HTML links. Affected versions of this package are vulnerable to Prototype Pollution via the internal `assign()` helper due to improper filtering of the `__proto__` property. An attacker can achieve Stored or Reflected XSS by injecting event handlers into generated links. How to fix Prototype Pollution? Upgrade `linkifyjs` to version 4.3.2 or higher.	<4.3.2

Prototype Pollution

linkifyjs is a Find URLs, email addresses, #hashtags and @mentions in plain-text strings, then convert them into HTML links.

Affected versions of this package are vulnerable to Prototype Pollution via the internal assign() helper due to improper filtering of the __proto__ property. An attacker can achieve Stored or Reflected XSS by injecting event handlers into generated links.

How to fix Prototype Pollution?

Upgrade linkifyjs to version 4.3.2 or higher.

<4.3.2

Go back to all versions of this package