CVE-2020-7746
Prototype Pollution
This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.
We have discovered 69,725 live websites that are affected by CVE-2020-7746.
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2020-7746 and the relative popularity of websitesDetails
- Published - Oct 29, 2020
- Updated - Oct 29, 2020
Credits
- Alessio Della Libera (d3lla)
CVE References
CWE References
Countries
 United States | 19,304 websites |
 Germany | 6,240 websites |
 Italy | 4,155 websites |
 France | 3,987 websites |
 GB | 3,814 websites |
 Spain | 2,749 websites |
 Netherlands | 2,446 websites |
 Brazil | 2,119 websites |
 Canada | 1,745 websites |
 Australia | 1,475 websites |
TLDs
| .com | 28,441 websites |
| .de | 4,035 websites |
| .org | 3,736 websites |
| .it | 2,705 websites |
| .co.uk | 2,099 websites |
| .nl | 1,979 websites |
| .net | 1,634 websites |
| .fr | 1,611 websites |
| .com.br | 1,610 websites |
| .com.au | 1,132 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2020-7746 through included software libraries and plugins.References
- https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376
- https://github.com/chartjs/Chart.js/pull/7920
Websites affected by CVE-2020-7746
Top websites that are affected by CVE-2020-7746. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.***********.jp |  Japan | *,*** | |
| *****.com | Canada | *,*** | |
| ***.********.****.fr | France | *,*** | |
| ****.*******.**********.it | Italy | **,*** | |
| ************.com | United States | **,*** | |
| *******.com | United States | **,*** | |
| ***.***************.com | United States | **,*** | |
| ***.********.de | Germany | **,*** | |
| ***.*************.com | United States | **,*** | |
| ***.*******.**.uk | GB | **,*** |