npm package
vega-util
pkg:npm/vega-util
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10806 | — | < 1.13.1 | 1.13.1 | Mar 9, 2020 | vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype. |
- CVE-2019-10806Mar 9, 2020affected < 1.13.1fixed 1.13.1
vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.