In Plotly plotly.js before 2.25.2, plot API calls have a risk of `__proto__` being polluted in expandObjectPaths or nestedProperty.
CPE

Name | Operator | Version
---|---|---
plotly.js | lt | 2.25.2
plotly/plotly.js | lt | 2.25.2

github.com/advisories/GHSA-wjc4-73q6-gv3m
github.com/plotly/plotly.js/commit/02498404c8ad7a3395191e65694fb142a37b0fe9
github.com/plotly/plotly.js/commit/5efd2a1f07a418b230a5626fc6c1c7929c47949d
github.com/plotly/plotly.js/releases/tag/v2.25.2
nvd.nist.gov/vuln/detail/CVE-2023-46308
plotly.com/javascript/