[Buildroot] [PATCH 2/2] package/chartjs: security bump to 2.9.4
Peter Korsgaard
peter at korsgaard.com
Tue Jan 19 17:57:25 UTC 2021
>>>>> "Thomas" == Thomas De Schampheleire <patrickdepinguin at gmail.com> writes:
> From: Joeri Barbarien <joeri.barbarien at nokia.com>
> CVE-2020-7746 (https://nvd.nist.gov/vuln/detail/CVE-2020-7746)
> The options parameter is not properly sanitized when it is processed.
> When the options are processed, the existing options (or the defaults
> options) are deeply merged with provided options. However, during this
> operation, the keys of the object being set are not checked, leading to
> a prototype pollution.
> Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire at nokia.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list