Description
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
Remediation
References
https://chartkick.com
https://github.com/ankane/chartkick.js/issues/117
https://github.com/ankane/chartkick/blob/master/CHANGELOG.md
https://github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa
https://github.com/ankane/chartkick/commits/master
https://rubygems.org/gems/chartkick/