Vega Project: >> Vega >> 1.5.1 Security Vulnerabilities
vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-03-09