---
gem: chartkick
cve: 2019-18841
url: https://github.com/ankane/chartkick.js/issues/117
title: Prototype Pollution in Chartkick.js 3.1.x
date: 2019-11-09
description: |
  A specially crafted response in data loaded via URL
  can cause prototype pollution in JavaScript.
unaffected_versions:
  - "< 3.1.0"
patched_versions:
  - ">= 3.3.0"