UBUNTU-CVE-2020-7746

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-7746

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-7746.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-7746

Related

CVE-2020-7746

Published

2020-10-29T08:15:00Z

Modified

2025-06-03T17:34:04Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.

References

Affected packages

Ubuntu:Pro:20.04:LTS / node-chart.js

Package

Name: node-chart.js
Purl: pkg:deb/ubuntu/node-chart.js@2.9.3+dfsg-2?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.3+dfsg-5

2.9.3+dfsg-1

2.9.3+dfsg-2

Ecosystem specific

{
    "ubuntu_priority": "low"
}