VYPR

npm package

uplot

pkg:npm/uplot

Vulnerabilities (1)

  • CVE-2024-21489HigOct 1, 2024
    affected < 1.6.31fixed 1.6.31

    Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype.