Critical vulnerability -> Chart.js library vulnerable to prototype pollution. #830

Open
Wideyedwonderer opened this issue Feb 19, 2024 · 1 comment


@Wideyedwonderer

What are the steps to reproduce?

  • Install the latest version of node-red-dashboard as node_module
  • Go to dist/js/app.min.js
  • Search for "Chart.js"

What happens?

  • Version 2.3.0 is found. This library is listed with the following CRITICAL vulnerability in the NIST database: CVE-2020-7746

What do you expect to happen?

  • Version after 2.9.4 to be found.
@dceejay
Member

dceejay commented Feb 19, 2024

Yes - sadly the angular v1 dashboard uses some other libraries that are pinned to version 2.3 - so you can either rebuild the dashboard without the chart node - or look to move to the dashboard v2.
