4.12.26

@github-actions github-actions released this 16 Jun 19:07
· 5 commits to main since this release

πŸ› Bug Fix

  • Security / Helpers (prototype pollution): Jodit.modules.Helpers.set(chain, value, obj) walked the dot-separated chain and created/followed each segment without filtering prototype-mutating keys, so a chain such as __proto__.polluted (e.g. set('__proto__.polluted', 'yes', {})) could reach and mutate Object.prototype (CWE-1321). set now bails out when any segment is __proto__, constructor, or prototype, reusing the same guard added for Jodit.configure() in 4.12.18. Responsibly reported by Junming Wu.
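The pattern described in this entry, as an added example that is not Jodit's source: a dot-chain setter without and with the segment guard. The names `walkAndSet`, `setUnguarded`, `setGuarded` and `demo` are hypothetical, and the guard shown is one way to implement "bail out when any segment is blocked".

```javascript
// Added illustration; not Jodit's code. All function names are hypothetical.
const BLOCKED_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

const isContainer = (v) =>
  v !== null && (typeof v === 'object' || typeof v === 'function');

// Walks the dot-separated chain, creating or following each segment.
function walkAndSet(parts, value, obj) {
  let node = obj;
  for (let i = 0; i < parts.length - 1; i++) {
    const key = parts[i];
    // Inherited values are followed too, which is what lets a chain
    // step from a plain object onto Object.prototype.
    if (!isContainer(node[key])) node[key] = {};
    node = node[key];
  }
  node[parts[parts.length - 1]] = value;
  return obj;
}

// Pre-fix shape: no filtering of prototype-mutating keys.
function setUnguarded(chain, value, obj) {
  return walkAndSet(chain.split('.'), value, obj);
}

// Post-fix shape: check every segment first and write nothing if any is blocked.
function setGuarded(chain, value, obj) {
  const parts = chain.split('.');
  if (parts.some((p) => BLOCKED_SEGMENTS.has(p))) return obj;
  return walkAndSet(parts, value, obj);
}

// Runs the chain from the release note through both variants and reports
// what a fresh, unrelated object sees afterwards.
function demo() {
  const seen = {};
  setGuarded('__proto__.polluted', 'yes', {});
  setGuarded('constructor.prototype.polluted', 'yes', {});
  seen.afterGuarded = ({}).polluted;
  setUnguarded('__proto__.polluted', 'yes', {});
  seen.afterUnguarded = ({}).polluted;
  delete Object.prototype.polluted; // restore the global prototype
  seen.viaConstructor = setUnguarded('constructor.prototype.polluted', 'yes', {}) && ({}).polluted;
  delete Object.prototype.polluted;
  seen.normalWrite = setGuarded('a.b.c', 1, {}).a.b.c;
  return seen;
}

console.log(demo());
```

The `constructor.prototype` row shows why the guard covers all three keys rather than `__proto__` alone.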