8 matches found
CVE-2024-14020
A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes...
GHSA-6RCW-WW3X-XQWM carbone Code Injection vulnerability
A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes...
@bcgov/carbone-copy-api (>=1.0.0 <=2.1.1), @bcgov/carbone-render (>=1.0.0 <=2.1.2) +11 more potentially affected by CVE-2024-14020 via carbone (>=1.1.0 <=2.1.1)
carbone NPM version =1.1.0, =1.0.0, =1.0.0, =5.4.0, =5.4.0, =5.4.0, =5.4.0, =1.0.0, =5.4.0, =5.4.0, =5.4.0, =5.4.0, =5.4.0, =5.5.0-rc.4 Source cves: CVE-2024-14020 Source advisory: OSV:GHSA-6RCW-WW3X-XQWM...
carbone Code Injection vulnerability
A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes...
Prototype Pollution
Overview: carbone is a Fast, Simple and Powerful report generator. Injects JSON and produces PDF, DOCX, XLSX, ODT, PPTX, ODS, ...! Affected versions of this package are vulnerable to Prototype Pollution via the formatters parameter in lib/input.js. An attacker can modify object prototype attribute...
EUVD-2026-1182
A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes...
carbone security vulnerability
carbone is a report generator open-sourced by CarboneIO. A security vulnerability exists in carbone that stems from improper manipulation of the Formatter Handler component in the lib/input.js file, which could lead to a prototype pollution attack...
PT-2026-1548
Name of the Vulnerable Software and Affected Versions: carboneio carbone versions prior to 3.5.6. Description: A weakness exists in carboneio carbone up to version fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. The issue resides in the Formatter Handler component, specifically within the file lib/input.j...