CVE-2019-18841 Information

Feb 14, 2021 cve

Description

Chartkick.js 3.1.0 through 3.1.3 as used in the Chartkick gem before 3.3.0 for Ruby allows prototype pollution.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Reference

https://chartkick.com https://github.com/ankane/chartkick.js/issues/117 https://github.com/ankane/chartkick/blob/master/CHANGELOG.md https://github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa https://github.com/ankane/chartkick/commits/master https://rubygems.org/gems/chartkick/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

7.3

Share on: