Vulnerabilities (CVE)

Filtered by vendor Vega Project Subscribe
Filtered by product Vega
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-26487 2 Vega-functions Project, Vega Project 2 Vega-functions, Vega 2024-11-21 N/A 6.5 MEDIUM
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.`lassoAppend' function accepts 3 arguments and internally invokes `push` function on the 1st argument specifying array consisting of 2nd and 3rd arguments as `push` call argument. The type of the 1st argument is supposed to be an array, but it's not enforced. This makes it possible to specify any object with a `push` function as the 1st argument, `push` function can be set to any function that can be access via `event.view` (no all such functions can be exploited due to invalid context or signature, but some can, e.g. `console.log`). The issue is that`lassoAppend` doesn't enforce proper types of its arguments. This issue opens various XSS vectors, but exact impact and severity depends on the environment (e.g. Core JS `setImmediate` polyfill basically allows `eval`-like functionality). This issue was patched in 5.23.0.
CVE-2023-26486 2 Vega-functions Project, Vega Project 2 Vega-functions, Vega 2024-11-21 N/A 6.5 MEDIUM
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argument group to getScale, which is then used as if it were an internal context. The context.scales[name].value is accessed from group and called as a function back in scale. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. This issue has been fixed in version 5.13.1.
CVE-2020-26296 1 Vega Project 1 Vega 2024-11-21 3.5 LOW 8.7 HIGH
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execute arbitrary javascript on a victim's machine. This is fixed in version 5.17.3
CVE-2019-10806 1 Vega Project 1 Vega 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.