Description
Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function because it does not check whether an attribute resolves to the object prototype.
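The missing check described above, shown as an added example that is not uPlot's code and not part of the advisory. The helpers `unsafeAssign` and `safeAssign` are hypothetical, the JSON input is constructed, and the key blocklist is an assumed mitigation, not a statement of how 1.6.31 implements its fix.

```javascript
// Added illustration with hypothetical helpers; not uPlot's source code.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
const isPlainObject = (v) => v !== null && typeof v === "object" && !Array.isArray(v);

// Recursive merge with no key check: the pattern the advisory describes.
function unsafeAssign(target, ...sources) {
  for (const src of sources) {
    for (const key in src) {
      const val = src[key];
      if (isPlainObject(val)) {
        // For key "__proto__", target[key] resolves to Object.prototype,
        // so the recursive call writes onto the prototype shared by all objects.
        unsafeAssign(target[key] || (target[key] = {}), val);
      } else {
        target[key] = val;
      }
    }
  }
  return target;
}

// Same merge, skipping keys that resolve to a prototype and recursing only
// into properties the target itself owns.
function safeAssign(target, ...sources) {
  for (const src of sources) {
    for (const key of Object.keys(src)) {
      if (BLOCKED_KEYS.has(key)) continue;
      const val = src[key];
      if (isPlainObject(val)) {
        const own = Object.prototype.hasOwnProperty.call(target, key);
        if (!own || !isPlainObject(target[key])) target[key] = {};
        safeAssign(target[key], val);
      } else {
        target[key] = val;
      }
    }
  }
  return target;
}

function demo() {
  // Constructed input: JSON.parse makes "__proto__" an own, enumerable key.
  const input = JSON.parse('{"__proto__": {"polluted": true}, "scale": {"x": 1}}');
  unsafeAssign({}, input);
  const afterUnsafe = {}.polluted === true; // a fresh object inherits the flag
  delete Object.prototype.polluted; // restore the global prototype
  const merged = safeAssign({}, input);
  const afterSafe = {}.polluted === true;
  return { afterUnsafe, afterSafe, merged };
}
console.log(demo());
```

A regression test for any deep-merge helper can follow the same shape: merge a parsed JSON object carrying a `__proto__` key, then confirm that a freshly created object has not gained the property.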
Recommendation
Update the uplot package to the latest compatible version. Version details:
- Affected version(s): < 1.6.31
- Patched version(s): 1.6.31
References
Related Issues
- @intlify/shared Prototype Pollution vulnerability (GHSA-hjwq-mjwj-4x6c) - CVE-2024-52810
- @intlify/shared Prototype Pollution vulnerability (GHSA-hjwq-mjwj-4x6c) 3 - CVE-2024-52810
- @intlify/shared Prototype Pollution vulnerability - CVE-2024-52810
- @intlify/shared Prototype Pollution vulnerability (GHSA-hjwq-mjwj-4x6c) 2 - CVE-2024-52810
Tags
- npm
- uplot
Last updated on October 01, 2024