CVE-2023-46308: plotly.js prototype pollution vulnerability
In Plotly plotly.js before 2.25.2, plot API calls have a risk of proto being polluted in expandObjectPaths or nestedProperty.
References
- github.com/advisories/GHSA-wjc4-73q6-gv3m
- github.com/plotly/plotly.js/commit/02498404c8ad7a3395191e65694fb142a37b0fe9
- github.com/plotly/plotly.js/commit/5efd2a1f07a418b230a5626fc6c1c7929c47949d
- github.com/plotly/plotly.js/releases/tag/v2.25.2
- nvd.nist.gov/vuln/detail/CVE-2023-46308
- plotly.com/javascript/
Code Behaviors & Features
Detect and mitigate CVE-2023-46308 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →