Vulnerability Details CVE-2019-18841
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.3%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 7.5
References
- https://chartkick.com
- https://github.com/ankane/chartkick.js/issues/117
- https://github.com/ankane/chartkick/blob/master/CHANGELOG.md
- https://github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa
- https://github.com/ankane/chartkick/commits/master
- https://rubygems.org/gems/chartkick/
- https://chartkick.com
- https://github.com/ankane/chartkick.js/issues/117
- https://github.com/ankane/chartkick/blob/master/CHANGELOG.md
- https://github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa
- https://github.com/ankane/chartkick/commits/master
- https://rubygems.org/gems/chartkick/
Products affected by CVE-2019-18841
-
cpe:2.3:a:chartkick:chartkick.js:3.1.0
-
cpe:2.3:a:chartkick:chartkick.js:3.1.1
-
cpe:2.3:a:chartkick:chartkick.js:3.1.2
-
cpe:2.3:a:chartkick:chartkick.js:3.1.3