3 matches found
CVE-2020-26296
A flaw was found in nodejs-vega. An attacker, using a specially crafted Vega expression, could execute a cross-side scripting attack on a victim's machine allowing them to execute arbitrary JavaScript. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation...
CVE-2020-26296
CVE-2020-26296 concerns a cross-site scripting (XSS) vulnerability in the Vega visualization library used in the npm package, present in Vega before version 5.17.3. The vulnerability arises from specially crafted Vega expressions that could cause arbitrary JavaScript execution on a victim’s machi...
@candela/stats (>=0.20.0 <=0.21.0), @candela/vega (>=0.20.0 <=0.23.0) +77 more potentially affected by CVE-2020-26296 via vega (>=1.5.4 <=5.17.2)
vega NPM version =1.5.4, =0.20.0, =0.20.0, =0.3.0, =0.6.0, =0.8.0, =1.0.0-alpha.13, =0.0.1, =1.0.0, =1.4.0, =1.0.3, =3.2.4 and more Source cves: CVE-2020-26296 Source advisory: OSV:GHSA-R2QC-W64X-6J54...