CVE-2019-18841: Prototype Pollution in chartkick
Chartkick.js, as used in the Chartkick gem for Ruby, allows prototype pollution.
References
- chartkick.com/
- github.com/advisories/GHSA-5pm8-492c-92p5
- github.com/ankane/chartkick.js/issues/117
- github.com/ankane/chartkick/blob/master/CHANGELOG.md
- github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa
- github.com/ankane/chartkick/commits/master
- nvd.nist.gov/vuln/detail/CVE-2019-18841
- rubygems.org/gems/chartkick/
- www.npmjs.com/advisories/1312