RubySec

Providing security resources for the Ruby community

CVE-2019-18841 (chartkick): Prototype Pollution in Chartkick.js 3.1.x

ADVISORIES

GEM

chartkick

SEVERITY

CVSS v3.x: 7.3 (High)

UNAFFECTED VERSIONS

  • < 3.1.0

PATCHED VERSIONS

  • >= 3.3.0

DESCRIPTION

A specially crafted response in data loaded via URL can cause prototype pollution in JavaScript.

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories