CVE-2024-21489

A flaw was found in uPlot. This vulnerability allows prototype pollution via the uplot.assign function due to missing checks for attributes that resolve to the object prototype. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...

@automattic/jetpack-ai-client (>=0.1.5 <=0.16.1), @automattic/jetpack-components (>=0.41.2 <=0.56.0) +41 more potentially affected by CVE-2024-21489 via uplot (>=1.1.2 <=1.6.30)

uplot NPM version =1.1.2, =0.1.5, =0.41.2, =0.29.8, =0.11.2, =5.0.2, =1.0.0, =8.3.0, =10.2.0, =0.0.1, =0.8.0, =0.0.1-preview1, =0.1.10, =10.4.0, =11.3.0-199210 and more Source cves: CVE-2024-21489 Source advisory: SNYK:JS-UPLOT-6209224...