CVE-2021-26505: MrSwitch hello.js vulnerable to prototype pollution

Severity: Critical

CVSS Score: 9.8

Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6, allows remote attackers to execute arbitrary code via hello.utils.extend function.