Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

RamdaJs, a dependency of fusioncharts 3.19.0, has a known critical vulnerability #54

Open
leon0leon opened this issue Feb 24, 2023 · 1 comment
Open

RamdaJs, a dependency of fusioncharts 3.19.0, has a known critical vulnerability #54

leon0leon opened this issue Feb 24, 2023 · 1 comment

Comments

@leon0leon
Copy link

leon0leon commented Feb 24, 2023
edited
Loading

image
image
image

RamdaJs 0.25.0 is a dependency of fusioncharts 3.19.0. It has 1 known critical vulnerability:
** DISPUTED ** Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object (that contains an own property "proto") as an argument to the function. NOTE: the vendor disputes this because the observed behavior only means that a user can create objects that the user didn't know would contain custom prototypes.
@liam-lian-01
Copy link

I have a same issue. Scan with BlackDuck.
image

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@leon0leon @liam-lian-01