Lucene search
Veracode Vulnerability DatabaseVERACODE:21934HistoryNov 11, 2019 - 2:19 a.m.
Prototype Pollution
2019-11-1102:19:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.002 Low
EPSS
Percentile
61.5%
chartkick is vulnerable to prototype pollution. Attackers can manipulate attributes to overwrite, or pollute existing properties relating to an Object by injecting malicious values through the _proto_ attribute. Using this flaw the attackers can cause a denial of service (DoS) condition and in some situations remote code executions.
References
chartkick.com
github.com/ankane/chartkick.js/commit/3f833c2b229db140295b44074fef56428e0a8b91
github.com/ankane/chartkick.js/issues/117
github.com/ankane/chartkick/blob/master/CHANGELOG.md
github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa
github.com/ankane/chartkick/commits/master
rubygems.org/gems/chartkick/
www.npmjs.com/advisories/1312
Related
cvelist
cvelist
CVE-2019-18841
2019-11-11 00:05:37
nodejs
nodejs
Prototype Pollution
2019-11-11 18:28:46
nvd
nvd
CVE-2019-18841
2019-11-11 01:15:10
cve
cve
CVE-2019-18841
2019-11-11 01:15:10
osv
osv
Prototype Pollution in chartkick
2019-12-02 18:04:11
CVE-2019-18841
2019-11-11 01:15:10
debiancve
debiancve
CVE-2019-18841
2019-11-11 01:15:10
prion
prion
Code injection
2019-11-11 01:15:00
ubuntucve
ubuntucve
CVE-2019-18841
2019-11-11 00:00:00
github
github
Prototype Pollution in chartkick
2019-12-02 18:04:11