9 matches found
CVE-2019-18841
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution...
EUVD-2019-0780
Malware in sbrugna...
CVE-2019-18841
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution...
CVE-2019-18841
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution...
Code injection
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution...
CVE-2019-18841
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution...
CVE-2019-18841
Chartkick.js 3.1.0–3.1.3 (used in the Chartkick gem for Ruby prior to 3.3.0) is vulnerable to prototype pollution due to unsafe handling of chart options. The root cause is that crafted input containing a payload like {"__proto__": {"polluted": true}} can modify Object prototypes. As a result, attac...
CVE-2019-18841
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution...
Prototype Pollution in Chartkick.js 3.1.x
A specially crafted response in data loaded via URL can cause prototype pollution in JavaScript...