CVE-2020-7746 - This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when

CVE-2020-7746

Summary

This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.

References

Vulnerable Configurations

cpe:2.3:a:chartjs:chart.js:-:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:-:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:0.2.0:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:0.2.0:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.0.0:beta:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.0.0:beta:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.0.1:-:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.0.1:-:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.0.1:beta:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.0.1:beta:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.0.1:beta2:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.0.1:beta2:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.0.1:beta3:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.0.1:beta3:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.0.1:beta4:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.0.1:beta4:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.0.2:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.0.2:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.1.0:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.1.0:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.1.1:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:1.1.1:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.0:-:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.0:-:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.0:alpha:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.0:alpha:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.0:alpha2:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.0:alpha2:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.0:alpha3:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.0:alpha3:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.0:alpha4:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.0:alpha4:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.0:beta:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.0:beta:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.0:beta1:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.0:beta1:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.0:beta2:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.0:beta2:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.1:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.1:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.2:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.0.2:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.1.0:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.1.0:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.1.1:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.1.1:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.1.2:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.1.2:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.1.3:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.1.3:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.1.4:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.1.4:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.1.5:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.1.5:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.1.6:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.1.6:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.2.0:-:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.2.0:-:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.2.0:rc1:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.2.0:rc1:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.2.0:rc2:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.2.0:rc2:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.2.1:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.2.1:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.2.2:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.2.2:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.3.0:-:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.3.0:-:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.3.0:rc1:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.3.0:rc1:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.4.0:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.4.0:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.5.0:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.5.0:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.6.0:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.6.0:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.7.0:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.7.0:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.7.1:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.7.1:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.7.2:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.7.2:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.7.3:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.7.3:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.8.0:-:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.8.0:-:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.8.0:rc1:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.8.0:rc1:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.9.0:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.9.0:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.9.1:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.9.1:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.9.2:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.9.2:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.9.3:*:*:*:*:node.js:*:*
cpe:2.3:a:chartjs:chart.js:2.9.3:*:*:*:*:node.js:*:*

CVSS

Base:	5.0 (as of 02-12-2022 - 19:44)
Impact:
Exploitability:

CWE

CWE-1321

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

misc

Last major update

02-12-2022 - 19:44

Published

29-10-2020 - 08:15

Last modified

02-12-2022 - 19:44