Critical vulnerability -> Chart.js library vulnerable to prototype pollution.
Wideyedwonderer commented
What are the steps to reproduce?
- Install the latest version of node-red-dashboard as node_module
- Go to dist/js/app.min.js
- Search for "Chart.js"
What happens?
- Version 2.3.0 is found. This library is listed with the following CRITICAL vulnerability in the NIST database: CVE-2020-7746
What do you expect to happen?
- Version after 2.9.4 to be found.
dceejay commented
Yes - sadly the angular v1 dashboard uses some other libraries that are pinned to version 2.3 - so you can either rebuild the dashboard without the chart node - or look to move to the dashboard v2.
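The manual check from the reproduction steps in this issue can be scripted so a build pipeline flags a bundled Chart.js older than 2.9.4. This is an added example, not part of the issue thread or the node-red-dashboard code; the banner patterns, the function names and the sample strings are assumptions made for illustration.

```javascript
// Banner patterns are assumptions about how Chart.js 2.x labels its builds:
// either "Chart.js v2.9.4" or a "Chart.js" line followed by "Version: 2.3.0".
const BANNERS = [
  /Chart\.js\s+v(\d+)\.(\d+)\.(\d+)/g,
  /Chart\.js[\s\S]{0,200}?Version:\s*(\d+)\.(\d+)\.(\d+)/g,
];

// Compare two [major, minor, patch] arrays: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Return every distinct Chart.js version announced inside the bundle text.
function findChartJsVersions(bundleText) {
  const found = new Map();
  for (const pattern of BANNERS) {
    for (const m of bundleText.matchAll(pattern)) {
      const version = m.slice(1, 4).map(Number);
      found.set(version.join("."), version);
    }
  }
  return [...found.values()];
}

// minimum defaults to 2.9.4, the version named in the issue for CVE-2020-7746.
function auditBundle(bundleText, minimum = [2, 9, 4]) {
  const versions = findChartJsVersions(bundleText);
  return {
    detected: versions.map((v) => v.join(".")),
    outdated: versions
      .filter((v) => compareVersions(v, minimum) < 0)
      .map((v) => v.join(".")),
    // No banner is not a pass: a minifier may have stripped the comment.
    inconclusive: versions.length === 0,
  };
}

// Constructed samples standing in for the contents of dist/js/app.min.js.
const SAMPLE_OLD =
  "/*!\n * Chart.js\n * http://chartjs.org/\n * Version: 2.3.0\n */\n!function(){}();";
const SAMPLE_NEW = "/*!\n * Chart.js v2.9.4\n */\n!function(){}();";

console.log(auditBundle(SAMPLE_OLD)); // flags 2.3.0 as outdated
console.log(auditBundle(SAMPLE_NEW)); // nothing outdated
```

To run it against a real install, pass the text of `dist/js/app.min.js` to `auditBundle` and fail the build when `outdated` is non-empty or `inconclusive` is true.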