Closed magicHatOfTYPO3 closed 1 year ago
Hi. We have received a PenTest result which complains about using a vulnerable version of chart.js as a dependency of luxletter.
As far as I can see, the chart.js from Luxletter is vulnerable to a Prototype Pollution attack, see https://security.snyk.io/package/npm/chart.js/2.7.1
Is there any chance to use a current version of chart.js or at least a minor update to a version with no known security issues?
Or: is it possible to deactivate the chart.js support completely (with then no charts in the backend, of course)?
Merged. Will be released asap.
Thanks a lot :)