@react-email/editor is vulnerable to Prototype Pollution
59
Medium Risk
The email-theming plugin in @react-email/editor builds CSS-in-JS objects from panel-style theme input using plain object literals in transformToCssJs and mergeCssJs. Because these objects inherit from Object.prototype, attacker-controlled keys such as __proto__, constructor, or prototype in the supplied theme or panel-style input route through the prototype setter and mutate Object.prototype globally. This prototype pollution can corrupt application state or influence later logic in the consuming application. The fix builds cssJS and merged theme objects with Object.create(null) and uses defensive merging so hostile keys become plain own properties instead of mutating the global prototype.
You are affected if you are using a version that falls within the vulnerable range and your application passes attacker-controlled theme or panel-style input into the email-theming plugin.
@react-email/editor is vulnerable to Prototype Pollution in versions 1.0.0 - 1.4.7.
Upgrade the @react-email/editor library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

I consent to receiving marketing communications based on Aikido’s Privacy Policy.
SOC 2Compliant
ISO 27001Compliant