[Bug]: Prototype Pollution Vulnerability Affecting chartist module, versions >=1.0.0 <=1.3.0 #1427
Comments
Is there any chance the PR will be accepted soon? And would a new release be forthcoming afterwards?
Current and expected behavior
Overview
A Prototype Pollution vulnerability affecting chartist, versions >=1.0.0 <=1.3.0, due to a missing check of whether the argument resolves to the object prototype. This allows the attacker to inject a malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program.
Reproduction
Sent directly to the maintainer's email
Chartist version
1.3.0
Possible solution
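One form of the missing check described in the report, as an added example in JavaScript that is not chartist's code: a recursive options merge that refuses the keys through which a parsed JSON argument could reach Object.prototype. The function names and the sample options are constructed for this example.

```javascript
// Keys that, when walked by a naive recursive extend, resolve to a prototype
// instead of an own property of the target object.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  if (value === null || typeof value !== 'object' || Array.isArray(value)) return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Deep-merge `source` into `target` (both assumed plain objects), copying only
// own enumerable properties and skipping any key that could modify a prototype.
function safeExtend(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // the check the report says is missing
    const value = source[key];
    if (isPlainObject(value)) {
      // Recurse only into a plain object that `target` already owns; otherwise
      // start from a fresh object so an inherited property is never written to.
      const own = Object.prototype.hasOwnProperty.call(target, key) && isPlainObject(target[key]);
      target[key] = safeExtend(own ? target[key] : {}, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed sample: options JSON of the shape untrusted input could supply.
// JSON.parse creates an own property literally named "__proto__", so a merge
// that assigns target["__proto__"] = ... would write into Object.prototype.
const UNTRUSTED_OPTIONS = JSON.parse(
  '{"width":300,"axisX":{"offset":40,"__proto__":{"polluted":true}},"__proto__":{"polluted":true}}'
);

// Merges untrusted options into defaults and reports whether a fresh object
// now inherits a `polluted` property, i.e. whether the prototype was touched.
function mergeUntrusted(defaults, untrusted) {
  const merged = safeExtend(defaults, untrusted);
  return { merged, polluted: ({}).polluted !== undefined };
}

const result = mergeUntrusted(
  { width: 100, height: 200, axisX: { offset: 30, showLabel: true } },
  UNTRUSTED_OPTIONS
);
console.log(JSON.stringify(result.merged), 'polluted:', result.polluted);
```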