Опубликовано: 01 окт. 2024
Источник: github
Github: Прошло ревью
CVSS4: 8.8
CVSS3: 8.2
Описание
uPlot Prototype Pollution vulnerability
Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype.
Пакеты
Наименование
uplot
npm
Затронутые версииВерсия исправления
< 1.6.31
1.6.31
Связанные уязвимости
CVSS3: 8.2
redhat
больше 1 года назад
Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype.
CVSS3: 8.2
nvd
больше 1 года назад
Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype.