cve-2020-7746
Vulnerability from cvelistv5
Published
2020-10-29 08:05
Modified
2024-09-16 19:25
Severity ?
EPSS score ?
Summary
This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:41:00.895Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/chartjs/Chart.js/pull/7920" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "chart.js", "vendor": "n/a", "versions": [ { "lessThan": "2.9.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Alessio Della Libera (d3lla)" } ], "datePublic": "2020-10-29T00:00:00", "descriptions": [ { "lang": "en", "value": "This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "UNAVAILABLE", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.1, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Prototype Pollution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-29T08:05:17", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716" }, { "tags": [ "x_refsource_MISC" ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374" }, { "tags": [ "x_refsource_MISC" ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375" }, { "tags": [ "x_refsource_MISC" ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/chartjs/Chart.js/pull/7920" } ], "title": "Prototype Pollution", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2020-10-29T08:02:11.306556Z", "ID": "CVE-2020-7746", "STATE": "PUBLIC", "TITLE": "Prototype Pollution" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "chart.js", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2.9.4" } ] } } ] }, "vendor_name": "n/a" } ] } }, "credit": [ { "lang": "eng", "value": "Alessio Della Libera (d3lla)" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Prototype Pollution" } ] } ] }, "references": { "reference_data": [ { "name": "https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716" }, { "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374" }, { "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375" }, { "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376" }, { "name": "https://github.com/chartjs/Chart.js/pull/7920", "refsource": "MISC", "url": "https://github.com/chartjs/Chart.js/pull/7920" } ] } } } }, "cveMetadata": { "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-7746", "datePublished": "2020-10-29T08:05:17.720774Z", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-09-16T19:25:49.326Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-7746\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2020-10-29T08:15:12.007\",\"lastModified\":\"2024-11-21T05:37:43.483\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.\"},{\"lang\":\"es\",\"value\":\"Esto afecta al paquete chart.js versiones anteriores a 2.9.4.\u0026#xa0;El par\u00e1metro options no es saneado apropiadamente cuando es procesado.\u0026#xa0;Cuando las opciones son procesadas, las opciones existentes (o las opciones predeterminadas) se fusionan profundamente con las opciones proporcionadas.\u0026#xa0;Sin embargo, durante esta operaci\u00f3n, las claves del objeto que est\u00e1 siendo ajustado no son comprobadas, conllevando a una contaminaci\u00f3n del prototipo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:chartjs:chart.js:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"2.9.4\",\"matchCriteriaId\":\"7F233AD0-FAAB-43E9-BC5D-923121DACC04\"}]}]}],\"references\":[{\"url\":\"https://github.com/chartjs/Chart.js/pull/7920\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/chartjs/Chart.js/pull/7920\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.