CVE-2020-7746

This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.
Prototype Pollution
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
snykCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
chartjschart.js
𝑥
< 2.9.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
node-chart.js
bullseye
2.9.4+dfsg+~cs2.10.1-3
fixed
buster
ignored
bookworm
3.9.1+~0.2.1-2
fixed
sid
3.9.1+~cs3.1.2-3
fixed
trixie
3.9.1+~cs3.1.2-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
node-chart.js
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
ignored
focal
needs-triage
bionic
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://github.com/chartjs/Chart.js/pull/7920
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374
https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716
https://github.com/chartjs/Chart.js/pull/7920
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374
https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716