Description
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
Remediation
References
https://chartkick.com
https://github.com/ankane/chartkick.js/issues/117
https://github.com/ankane/chartkick/blob/master/CHANGELOG.md
https://github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa
https://github.com/ankane/chartkick/commits/master
https://rubygems.org/gems/chartkick/
Related Vulnerabilities
CVE-2021-21293 Vulnerability in maven package org.http4s:blaze-core_2.11
CVE-2020-7715 Vulnerability in npm package deep-get-set
CVE-2022-22984 Vulnerability in npm package snyk-mvn-plugin
CVE-2021-40525 Vulnerability in maven package org.apache.james:james-server
CVE-2020-8125 Vulnerability in maven package org.webjars.npm:klona