Description
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
References (6)
Core References
Product, Release Notes x_refsource_misc
https://rubygems.org/gems/chartkick/
Product x_refsource_misc
https://chartkick.com
Product, Release Notes x_refsource_misc
https://github.com/ankane/chartkick/blob/master/CHANGELOG.md
Patch x_refsource_confirm
https://github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa
Third Party Advisory x_refsource_misc
https://github.com/ankane/chartkick.js/issues/117
Scores
CVSS v3
7.3
EPSS
0.0062
EPSS Percentile
70.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
Status
published
Products (3)
chartkick/chartkick.js
3.1.0 - 3.1.3
npm/chartkick
3.1.0 - 3.2.0 (npm)
rubygems/chartkick
0 - 3.3.0 (RubyGems)
Published
Nov 11, 2019
Tracked Since
Feb 18, 2026