Description
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
Remediation
References
https://chartkick.com
https://github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa
https://rubygems.org/gems/chartkick/
https://github.com/ankane/chartkick/commits/master
https://github.com/ankane/chartkick/blob/master/CHANGELOG.md
https://github.com/ankane/chartkick.js/issues/117
Related Vulnerabilities
CVE-2023-7078 Vulnerability in npm package miniflare
CVE-2022-43412 Vulnerability in maven package org.jenkins-ci.plugins:generic-webhook-trigger
CVE-2020-13954 Vulnerability in maven package org.apache.cxf:cxf-rt-transports-http
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.13