CVE-2019-10806

Published
View on NVD ↗
CVSS v3
4.3
MEDIUM
CVSS v2
4
MEDIUM
Affected
1
PROJECT

Description

vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.

vega/vega
vega/vega
A visualization grammar.
GitHubGitHub
11.9K