CVE-2024-21489

Published October 1st, 2024

View on NVD ↗

CVSS v3

8.2

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype.

leeoniya/uPlot

📈 A small, fast chart for time series, lines, areas, ohlc & bars

GitHub

10.2K