ГлавнаяУязвимости → CVE-2024-21489
8.2высокая

CVE-2024-21489

Описание

Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype.

CVSS
Балл8.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Источники
https://github.com/leeoniya/uPlot/blob/c52e5001c1d959a99ac495a53e4deca5c44464d2/src/utils.js%23L437-L452https://github.com/leeoniya/uPlot/commit/5756e3e9b91270b303157e14bd0174311047d983https://security.snyk.io/vuln/SNYK-JS-UPLOT-6209224