Component block propPath can enable prototype pollution
Keystone Zero Day Research
Summary
Component block propPath allows arbitrary string keys. The renderer applies propPath with a recursive setter that does not block __proto__, constructor, or prototype, enabling prototype pollution when untrusted documents are rendered.
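The setter behaviour described above, as an added example that is not Keystone's code: an unguarded recursive setter beside a guarded one. The function names, the array form of propPath and the sample path are assumptions made for illustration.

```javascript
// Added illustration; function names and the array form of propPath are assumptions.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Unguarded recursive setter: every path segment is used as a plain key.
function setAtPathUnsafe(target, propPath, value) {
  const [head, ...rest] = propPath;
  if (rest.length === 0) {
    target[head] = value;
    return target;
  }
  if (typeof target[head] !== 'object' || target[head] === null) {
    target[head] = {};
  }
  setAtPathUnsafe(target[head], rest, value);
  return target;
}

// Guarded setter: rejects dangerous segments and only descends into own properties.
function setAtPathSafe(target, propPath, value) {
  if (!Array.isArray(propPath) || propPath.length === 0) {
    throw new TypeError('propPath must be a non-empty array');
  }
  let node = target;
  propPath.forEach((key, i) => {
    if (FORBIDDEN_KEYS.has(String(key))) {
      throw new Error(`refusing path segment ${JSON.stringify(key)}`);
    }
    if (i === propPath.length - 1) {
      node[key] = value;
      return;
    }
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || typeof node[key] !== 'object' || node[key] === null) {
      node[key] = {};
    }
    node = node[key];
  });
  return target;
}

// Runs both setters on a constructed path and reports what happened.
function demo() {
  const path = ['__proto__', 'pollutedFlag']; // constructed sample input
  setAtPathUnsafe({}, path, true);
  const polluted = ({}).pollutedFlag === true; // an unrelated object now inherits the flag
  delete Object.prototype.pollutedFlag; // undo the pollution before continuing
  let rejected = false;
  try { setAtPathSafe({}, path, true); } catch { rejected = true; }
  return { polluted, rejected };
}
```

Rejecting the path outright, rather than silently skipping the segment, keeps a malformed document from being rendered with a partially applied propPath.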
CVSS
CVSS v4.0 Ba...