29 matches found
EUVD-2019-0534
Malware in sbrugna...
EUVD-2020-0584
Malware in sbrugna...
CVE-2020-16254
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets CSS Injection without attribute...
CSS Injection in Chartkick gem
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets CSS Injection without attribute...
GHSA-3J95-FJV2-3M4P CSS Injection in Chartkick gem
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets CSS Injection without attribute...
CSS Injection
Overview chartkick is a Ruby gem that allows creation of JavaScript charts. Affected versions of this package are vulnerable to CSS Injection. Chartkick is vulnerable to CSS injection if user input is passed to the width or height option. An attacker can set additional CSS properties, like:...
Chartkick Injection Vulnerability
Chartkick is a package for creating JavaScript icons. An injection vulnerability exists in Chartkick gem 3.3.2 and earlier versions for Ruby. The vulnerability stems from a lack of proper validation of user input data by a networked system or product that does not filter, or does not correctly filter...
Code injection
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets CSS Injection without attribute...
CVE-2020-16254
The CVE-2020-16254 entry concerns the Chartkick gem for Ruby, affecting versions up to 3.3.2. The vulnerability is described as CSS Injection (without attribute), with the root cause identified as a CSS injection issue in Chartkick. The provided connected documents consistently reference the same...
CSS injection with width and height options
Chartkick is vulnerable to CSS injection if user input is passed to the width or height option. An attacker can set additional CSS properties, like:...
Prototype Pollution in chartkick
Affected versions of @polymer/polymer are vulnerable to prototype pollution. The package fails to prevent modification of object prototypes through chart options containing a payload such as `"__proto__": {"polluted": true}`. It is possible to achieve the same results if a chart loads data from a malicio...
GHSA-5PM8-492C-92P5 Prototype Pollution in chartkick
Affected versions of @polymer/polymer are vulnerable to prototype pollution. The package fails to prevent modification of object prototypes through chart options containing a payload such as `"__proto__": {"polluted": true}`. It is possible to achieve the same results if a chart loads data from a malicio...
Prototype Pollution
chartkick is vulnerable to prototype pollution. Attackers can manipulate attributes to overwrite, or pollute existing properties relating to an Object by injecting malicious values through the `__proto__` attribute. Using this flaw the attackers can cause a denial of service (DoS) condition and in some...
Code injection
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution...
CVE-2019-18841
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution...
Ruby Chartkick gem cross-site scripting vulnerability
Ruby Chartkick gem is a Ruby-based package for creating JavaScript charts. A cross-site scripting vulnerability exists in Ruby Chartkick gem version 3.1.0 and earlier. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this...