Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2020-7746

Disclosure Date: October 29, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Products

  • chart.js

Additional Info

Technical Analysis