Description
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
Remediation
References
https://chartkick.com
https://github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa
https://rubygems.org/gems/chartkick/
https://github.com/ankane/chartkick/commits/master
https://github.com/ankane/chartkick/blob/master/CHANGELOG.md
https://github.com/ankane/chartkick.js/issues/117
Related Vulnerabilities
CVE-2022-34112 Vulnerability in maven package io.dataease:dataease-plugin-common
CVE-2023-5571 Vulnerability in npm package @vrite/sdk
CVE-2022-21718 Vulnerability in maven package org.webjars.npm:electron
CVE-2022-35949 Vulnerability in maven package org.webjars.npm:undici
CVE-2020-7751 Vulnerability in maven package org.webjars.npm:pathval