Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/21xxx/CVE-2024-21489.json",
"cwe_ids": [
"CWE-1321"
],
"cna_assigner": "snyk"
}