
15 matches found

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2024-2911

Malicious code in bioql PyPI...

CVSS 8.2 · AI score 7.9 · EPSS 0.00159
Exploits: 0 · References: 6
Tenable Nessus
added 2025/03/05 12:00 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-21489

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves t...

CVSS 8.2 · AI score 7.6 · EPSS 0.00159
Exploits: 0 · References: 2
RedHat Linux
added 2024/10/14 6:22 p.m. · 5 views

uplot: Prototype Pollution in uplot

A flaw was found in uPlot. This vulnerability allows prototype pollution via the uplot.assign function due to missing checks for attributes that resolve to the object prototype...

CVSS 8.2 · AI score 5.7 · EPSS 0.00159
Exploits: 0 · References: 7
RedHat Linux
added 2024/10/14 6:22 p.m. · 13 views

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...

CVSS 8.2 · AI score 7.3 · EPSS 0.00159
Exploits: 0 · References: 2
Tenable Nessus
added 2024/10/14 12:00 a.m. · 16 views

RHEL 8 : grafana (RHSA-2024:8083)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:8083 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: uplot: Prototype...

CVSS 8.2 · AI score 7.7 · EPSS 0.00159
Exploits: 0 · References: 4
RedhatCVE
added 2024/10/01 7:39 a.m. · 14 views

CVE-2024-21489

A flaw was found in uPlot. This vulnerability allows prototype pollution via the uplot.assign function due to missing checks for attributes that resolve to the object prototype. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...

CVSS 8.2 · AI score 7.9 · EPSS 0.00159
Exploits: 0 · References: 6
Github Security Blog
added 2024/10/01 6:30 a.m. · 25 views

uPlot Prototype Pollution vulnerability

Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype...

CVSS 8.2 · AI score 6.8 · EPSS 0.00159
Exploits: 0 · References: 5 · Affected Software: 1
OSV
added 2024/10/01 6:30 a.m. · 1 view

GHSA-34Q8-JCQ6-MC37 uPlot Prototype Pollution vulnerability

Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype...

CVSS 8.8 · AI score 5.9 · EPSS 0.00159
Exploits: 0 · References: 5
vulnersOsv
added 2024/10/01 6:30 a.m. · 2 views

@automattic/jetpack-ai-client (>=0.1.5 <=0.16.1), @automattic/jetpack-components (>=0.41.2 <=0.56.0) +41 more potentially affected by CVE-2024-21489 via uplot (>=1.1.2 <=1.6.30)

uplot NPM version =1.1.2, =0.1.5, =0.41.2, =0.29.8, =0.11.2, =5.0.2, =1.0.0, =8.3.0, =10.2.0, =0.0.1, =0.8.0, =0.0.1-preview1, =0.1.10, =10.4.0, =11.3.0-199210 and more Source cves: CVE-2024-21489 Source advisory: OSV:GHSA-34Q8-JCQ6-MC37...

CVSS 8.2 · AI score 7.2 · EPSS 0.00159
Exploits: 0
Vulnrichment
added 2024/10/01 5:00 a.m. · 14 views

CVE-2024-21489

Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype...

CVSS 8.2 · AI score 6.9 · EPSS 0.00159
Exploits: 0 · References: 3
Cvelist
added 2024/10/01 5:00 a.m. · 19 views

CVE-2024-21489

Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype...

CVSS 8.2 · EPSS 0.00159
Exploits: 0 · References: 3
CNNVD
added 2024/10/01 12:00 a.m. · 3 views

uPlot security vulnerability

uPlot is a fast, memory-efficient Canvas 2D-based chart for drawing time series, lines, areas, OHLC, and bars, by the individual developer leeoniya. A security vulnerability exists in uPlot versions prior to 1.6.31, which stems from a lack of checking whether attributes resolve to object prototypes...

CVSS 8.2 · AI score 7.9 · EPSS 0.00159
Exploits: 0 · References: 6
Positive Technologies
added 2024/09/30 12:00 a.m. · 3 views

PT-2024-18905 · Uplot · Uplot

Name of the Vulnerable Software and Affected Versions: uplot versions prior to 1.6.31 Description: The issue is related to Prototype Pollution via the uplot.assign function due to a missing check if the attribute resolves to the object prototype. This allows for potential manipulation of the...

CVSS 8.8 · AI score 7.3 · EPSS 0.00159
Exploits: 0 · References: 11
vulnersOsv
added 2024/01/28 10:00 p.m. · 0 views

@automattic/jetpack-ai-client (>=0.1.5 <=0.16.1), @automattic/jetpack-components (>=0.41.2 <=0.56.0) +41 more potentially affected by CVE-2024-21489 via uplot (>=1.1.2 <=1.6.30)

uplot NPM version =1.1.2, =0.1.5, =0.41.2, =0.29.8, =0.11.2, =5.0.2, =1.0.0, =8.3.0, =10.2.0, =0.0.1, =0.8.0, =0.0.1-preview1, =0.1.10, =10.4.0, =11.3.0-199210 and more Source cves: CVE-2024-21489 Source advisory: SNYK:JS-UPLOT-6209224...

CVSS 8.2 · AI score 7.2 · EPSS 0.00159
Exploits: 0
Snyk
added 2024/01/28 10:00 p.m. · 1 view

Prototype Pollution

Overview: uplot is a small, fast chart for time series, lines, areas, ohlc & bars. Affected versions of this package are vulnerable to Prototype Pollution via the uplot.assign function due to a missing check if the attribute resolves to the object prototype. PoC js var uplot = require"uplot" BADJS...

CVSS 8.8 · AI score 8.4 · EPSS 0.00159
Exploits: 0 · References: 2