CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 7.1 High (Confidence: Low)
EPSS: 0.001 Low (Percentile: 39.1%)
In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.
CPE
Name | Operator | Version
---|---|---
plotly.js | lt | 2.25.2
plotly/plotly.js | lt | 2.25.2
github.com/advisories/GHSA-wjc4-73q6-gv3m
github.com/plotly/plotly.js/commit/02498404c8ad7a3395191e65694fb142a37b0fe9
github.com/plotly/plotly.js/commit/5efd2a1f07a418b230a5626fc6c1c7929c47949d
github.com/plotly/plotly.js/releases/tag/v2.25.2
nvd.nist.gov/vuln/detail/CVE-2023-46308
plotly.com/javascript/