The js-cookie library is vulnerable to prototype pollution via the `assign()` function when processing JSON-derived objects, enabling an attacker to inject arbitrary cookie attributes by manipulating the `__proto__` property, as demonstrated by CVE-2026-46625.
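The mechanism in that sentence, as an added example rather than js-cookie's own code: a `for...in` merge applied to a `JSON.parse` result, shown beside a hardened merge. The function names, the serializer and the sample JSON are constructed for illustration.

```javascript
// Constructed input: attribute object parsed from attacker-influenced JSON.
// JSON.parse stores "__proto__" as an ordinary own, enumerable property.
const untrusted = JSON.parse(
  '{"path":"/","__proto__":{"domain":"other.example","sameSite":"None"}}'
);

// Naive merge (hypothetical name): for...in plus plain assignment.
// Assigning to target["__proto__"] swaps the target's prototype.
function naiveAssign(target, ...sources) {
  for (const source of sources) {
    for (const key in source) target[key] = source[key];
  }
  return target;
}

// Hardened merge: own keys only, prototype-affecting keys skipped.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);
function safeAssign(target, ...sources) {
  for (const source of sources) {
    for (const key of Object.keys(source)) {
      if (!BLOCKED.has(key)) target[key] = source[key];
    }
  }
  return target;
}

// Attribute serializer (hypothetical) that walks the merged object with
// for...in, so inherited properties are emitted like own ones.
function serializeAttributes(attributes) {
  let out = '';
  for (const name in attributes) {
    const value = attributes[name];
    if (value === false || value === undefined) continue;
    out += '; ' + name;
    if (value !== true) out += '=' + String(value).split(';')[0];
  }
  return out;
}

function demo() {
  const defaults = { path: '/' };
  return {
    naive: serializeAttributes(naiveAssign({}, defaults, untrusted)),
    safe: serializeAttributes(safeAssign({}, defaults, untrusted)),
    globalPolluted: 'domain' in {},
  };
}

console.log(demo());
```

In this sketch the injected attributes ride on the merged object's prototype, not on `Object.prototype`, so a check that only looks for global pollution would miss them.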