Tariqhawis

Name of the Vulnerable Software and Affected Versions: Chartist versions 1.x through 1.3.0 Description: The issue allows Prototype Pollution via the `extend` function. This can potentially lead to security risks, as it may enable attackers to manipulate the prototype chain of objects, affecting the application's behavior. Recommendations: For Chartist versions 1.x through 1.3.0, consider disabling the `extend` function as a temporary workaround until a patch is available. Restrict access to the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** @bit/loader version 10.0.3 **Description** A Prototype Pollution issue allows an attacker to execute arbitrary code via the `M` function `e` argument in index.js. **Recommendations** For version 10.0.3, consider disabling the `M` function until a patch is available to prevent exploitation. Restrict access to the index.js file to minimize the risk of arbitrary code execution. Avoid using the `e` argument in the `M` function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** json-schema-ref-parser versions 11.0.0 through 11.1.0 **Description** A Prototype Pollution issue in API Dev Tools allows a remote attacker to execute arbitrary code via the `bundle()`, `parse()`, `resolve()`, `dereference()` functions. **Recommendations** For versions 11.0.0 through 11.1.0, consider disabling the `bundle()`, `parse()`, `resolve()`, `dereference()` functions as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.