Skip to main content

Plotly Js

2 CVEs product

Monthly

CVE-2023-46308 LIB CRITICAL PATCH Act Now

In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Information Disclosure Plotly Js
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2017-1000006 npm MEDIUM PATCH This Month

Plotly, Inc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Plotly Js
NVD
CVSS 3.0
6.1
EPSS
0.6%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Information Disclosure Plotly Js
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Plotly, Inc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Plotly Js
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy