VYPR

npm package

js-cookie

pkg:npm/js-cookie

Vulnerabilities (1)

  • CVE-2026-46625HigJun 10, 2026
    affected < 3.0.7fixed 3.0.7

    JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign() helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "__proto__" member is an o