PT-2024-13352 · Plotly · Plotly.Js

Published

2024-01-02

·

Updated

2025-12-24

·

CVE-2023-46308

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Plotly plotly.js versions prior to 2.25.2

Description

Plot API calls carry a risk of the object prototype (__proto__) being polluted through expandObjectPaths or nestedProperty. This could lead to further security impact; the advisory gives no specific figures for the estimated number of affected devices or for real-world incidents.

Recommendations

For versions prior to 2.25.2, update to version 2.25.2 or later to resolve the issue. As a temporary workaround until the update is applied, restrict access to the expandObjectPaths and nestedProperty functions and avoid using them in plot API calls.
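The check that closes this class of bug, as an added illustration that is not plotly.js code: a minimal nested-property setter (the path syntax of dotted keys with optional [index] parts is a constructed example, and parsePath, isSafePath and setNestedSafe are hypothetical names) that refuses path segments able to redirect the walk onto Object.prototype.

```javascript
// Added illustration, not plotly.js code: a minimal nested-property setter
// of the kind the advisory refers to, with the check that stops a path such
// as "__proto__.polluted" from writing onto Object.prototype. The path
// syntax (dotted keys with optional [index] parts) is a constructed example.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Split "layout.xaxis[0].title" into ['layout', 'xaxis', 0, 'title'].
function parsePath(path) {
  const parts = [];
  for (const m of path.matchAll(/([^.[\]]+)|\[(\d+)\]/g)) {
    parts.push(m[2] !== undefined ? Number(m[2]) : m[1]);
  }
  return parts;
}

// True only if no segment could redirect the walk to a shared prototype.
function isSafePath(path) {
  return parsePath(path).every(
    (key) => typeof key === 'number' || !FORBIDDEN_KEYS.has(key)
  );
}

// Hardened setter: rejects prototype-related segments up front and only
// descends into own properties, so an inherited reference (for example a
// "constructor" found on the prototype chain) is never followed.
function setNestedSafe(target, path, value) {
  if (!isSafePath(path)) {
    throw new Error(`refusing prototype-affecting path: ${path}`);
  }
  const parts = parsePath(path);
  let cur = target;
  for (let i = 0; i < parts.length - 1; i++) {
    const key = parts[i];
    const own = Object.prototype.hasOwnProperty.call(cur, key);
    if (!own || cur[key] === null || typeof cur[key] !== 'object') {
      // Create a container matching the next segment: array for [n], else object.
      cur[key] = typeof parts[i + 1] === 'number' ? [] : {};
    }
    cur = cur[key];
  }
  cur[parts[parts.length - 1]] = value;
  return target;
}
```

A detection-side use of the same check is to log and reject any incoming figure update whose paths fail isSafePath before they reach the plotting layer.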

Fix

Weakness Enumeration

Prototype Pollution

Related Identifiers

CVE-2023-46308
GHSA-WJC4-73Q6-GV3M
OPENSUSE-SU-2024:13607-1
RSEC-2025-1

Affected Products

Plotly.Js