Description

Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype.

Related CPE's

Could not find any relations

References

https://github.com/leeoniya/uPlot/blob/c52e5001c1d959a99ac495a53e4deca5c44464d2/src/utils.js%23L437-L452

https://github.com/leeoniya/uPlot/commit/5756e3e9b91270b303157e14bd0174311047d983

https://security.snyk.io/vuln/SNYK-JS-UPLOT-6209224

Weaknesses

[email protected]

Secondary
CWE-1321

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

8.2 · High

Information

Source identifier

[email protected]

Vulnerability status

Awaiting analysis

Published

2024-10-01T03:15:12.227Z

1 year ago

Last modified

2024-10-04T11:51:25.567Z

1 year ago