43 matches found
Prototype Pollution
Overview chart.js is a Simple HTML5 charts using the canvas element. Affected versions of this package are vulnerable to Prototype Pollution. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options or the defaults options are deep...
2cs-basecode (>=0.1.0 <=0.1.1), 8bit-ghost-ui (>=1.0.0-beta.1 <=1.0.0-beta.3) +345 more potentially affected by CVE-2020-7746 via chart.js (>=2.0.0 <=2.9.3)
chart.js NPM version =2.0.0, =0.1.0, =1.0.0-beta.1, =1.0.3, =1.0.0, =2.0.0, =2.0.0, =2.0.0-0f0f22634a7788f0af51de445431d067b20eec64, =2.0.0, =1.0.0, =7.0.1, =0.0.1-alpha.3, =0.0.1-alpha.3, =0.7.0, =1.0.0, =1.0.36 and more Source cves: CVE-2020-7746 Source advisory: SNYK:JS-CHARTJS-1018716...
Node.js third-party modules: [chart.js] Prototype pollution
I would like to report a prototype pollution vulnerability in chart.js It allows an attacker to inject properties on Object.prototype which can for some applications lead to XSS. Module module name: chart.js version: 2.9.3 npm page: https://www.npmjs.com/package/chart.js Module Description Simple...