CVE-2020-16254
gem/chartkick
Injection Vulnerability
The Chartkick gem for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute).
All versions up to 3.3.2
Upgrade to version 3.4.0 or above.
2020-08-07