Affected versions of @polymer/polymer
are vulnerable to prototype pollution. The package fails to prevent modification of object prototypes through chart options containing a payload such as {"__proto__": {"polluted": true}}
. It is possible to achieve the same results if a chart loads data from a malicious server.
Upgrade to version 3.2.0 or later.
chartkick