CVE-2020-7746
ADVISORY - githubSummary
This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.
EPSS Score: 0.00155 (0.370)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
ADVISORY - github
NIST
CREATED
UPDATED
ADVISORY IDCVE-2020-7746
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5highGitHub
CVSS SCORE
7.5highDebian
CREATED
UPDATED
ADVISORY IDCVE-2020-7746
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2020-7746
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
9.8lowRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2020-7746
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
7.5highintheWild
CREATED
UPDATED
ADVISORY IDCVE-2020-7746�
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-