Описание
due to insufficient sanitazation in Vega’s convert() function when safeMode is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths, leading to exposure of sensitive information.
EPSS
Процентиль: 13%
0.00044
Низкий
7.5 High
CVSS3
Дефекты
CWE-552
Связанные уязвимости
CVSS3: 7.5
github
около 2 месяцев назад
due to insufficient sanitazation in Vega’s `convert()` function when `safeMode` is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths, leading to exposure of sensitive information.
EPSS
Процентиль: 13%
0.00044
Низкий
7.5 High
CVSS3
Дефекты
CWE-552