Vulnerabilities > CVE-2020-7746 - Unspecified vulnerability in Chartjs Chart.Js

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

chartjs

critical

NVD

Published: 2020-10-29

Updated: 2024-11-21

Summary

This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.

Vulnerable Configurations

Part	Description	Count
Application	Chartjs Chartjs Chart.Js - Chartjs Chart.Js 0.2.0 Chartjs Chart.Js 1.0.0 Chartjs Chart.Js 1.0.1 Chartjs Chart.Js 1.0.2 Chartjs Chart.Js 1.1.0 Chartjs Chart.Js 1.1.1 Chartjs Chart.Js 2.0.0 Chartjs Chart.Js 2.0.1 Chartjs Chart.Js 2.0.2 Chartjs Chart.Js 2.1.0 Chartjs Chart.Js 2.1.1 Chartjs Chart.Js 2.1.2 Chartjs Chart.Js 2.1.3 Chartjs Chart.Js 2.1.4 Chartjs Chart.Js 2.1.5 Chartjs Chart.Js 2.1.6 Chartjs Chart.Js 2.2.0 Chartjs Chart.Js 2.2.1 Chartjs Chart.Js 2.2.2 Chartjs Chart.Js 2.3.0 Chartjs Chart.Js 2.4.0 Chartjs Chart.Js 2.5.0 Chartjs Chart.Js 2.6.0 Chartjs Chart.Js 2.7.0 Chartjs Chart.Js 2.7.1 Chartjs Chart.Js 2.7.2 Chartjs Chart.Js 2.7.3 Chartjs Chart.Js 2.8.0 Chartjs Chart.Js 2.9.0 Chartjs Chart.Js 2.9.1 Chartjs Chart.Js 2.9.2 Chartjs Chart.Js 2.9.3	48

Summary

Vulnerable Configurations

References