RubyGems package
chartkick
pkg:gem/chartkick
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-16254 | — | | | < 3.4.0 | 3.4.0 | Aug 5, 2020 | The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute). |
| CVE-2019-18841 | — | | | < 3.3.0 | 3.3.0 | Nov 11, 2019 | Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution. |
| CVE-2019-12732 | — | | | < 3.2.0 | 3.2.0 | Jun 6, 2019 | The Chartkick gem through 3.1.0 for Ruby allows XSS. |