Description
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
Remediation
References
https://chartkick.com
https://github.com/ankane/chartkick.js/issues/117
https://github.com/ankane/chartkick/blob/master/CHANGELOG.md
https://github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa
https://github.com/ankane/chartkick/commits/master
https://rubygems.org/gems/chartkick/
Related Vulnerabilities
CVE-2020-15362 Vulnerability in npm package wifiscanner
CVE-2018-1000134 Vulnerability in maven package com.unboundid:unboundid-ldapsdk
CVE-2023-37963 Vulnerability in maven package io.jenkins.plugins:benchmark-evaluator
CVE-2018-18853 Vulnerability in maven package io.spray:spray-json_2.10
CVE-2021-31404 Vulnerability in maven package com.vaadin:flow-server