This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2020-10-29T08:05:17.720774Z
Updated: 2024-09-16T19:25:49.326Z
Reserved: 2020-01-21T00:00:00
Link: CVE-2020-7746
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-10-29T08:15:12.007
Modified: 2024-11-21T05:37:43.483
Link: CVE-2020-7746
Redhat