C3
by npm
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-39016 | Hig | 0.53 | 8.1 | 0.00 | Jul 1, 2024 | che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function assign. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||
| CVE-2016-1000240 | med | 0.19 | — | — | Sep 1, 2020 | Affected versions of `c3` are vulnerable to cross-site scripting via improper sanitization of HTML in rendered tooltips. ## Recommendation Update to 0.4.11 or later. |
- risk 0.53cvss 8.1epss 0.00
che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function assign. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
- risk 0.19cvss —epss —
Affected versions of `c3` are vulnerable to cross-site scripting via improper sanitization of HTML in rendered tooltips. ## Recommendation Update to 0.4.11 or later.