CVE-2020-7746 in Chart.js 2.7.3



christian4223 asked 2 years ago

Hi there, we are using MDB 4.20.0 pro. Looking into the files makes us realize that MDB 4.20.0 uses Chart.js 2.7.3 as a dependency, which is affected by CVE-2020-7746, a high-rated prototype pollution vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2020-7746). Due to concerns about the security of our product, we wanted to ask whether MDB 4.20.0 uses the affected parts of Chart.js. Will there be an update with a non-vulnerable Chart.js version? Kind regards, Christian


Grzegorz Bujański staff answered 2 years ago

Unfortunately, this feature isn't included in our roadmap for MDB4 right now.

Since Bootstrap 4 itself is no longer updated on its own, the new releases of MDB4 are also less frequent.

As of now, I can't assure you if this feature is going to be fixed soon. My recommendation for you is to switch to MDB5, where this issue is already resolved. You can use this promotional offer to get an MDB Bundle with an 84% discount for existing customers, or alternatively use code XP2Z6HM9 during checkout to receive 10% OFF any other purchase on MDB.
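
Added example (not part of the thread, and not MDB or Chart.js code): for a project that stays on the bundled Chart.js, one mitigation is to strip prototype-related keys from any chart configuration that originates outside the application before it reaches the library, since the NVD entry linked in the question attributes the flaw to keys not being checked while chart options are deep-merged. `sanitizeChartConfig`, `uncheckedMerge`, `buildChartConfig` and the sample JSON are hypothetical names and constructed data.

```javascript
// Keys that let a recursive merge step from an options object onto Object.prototype.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Deep-copies `value`, dropping blocked keys at every level and recording their paths.
// Functions, primitives and non-plain objects (Date, canvas gradients) pass through.
function sanitizeChartConfig(value, removed = [], path = '') {
  if (Array.isArray(value)) {
    return value.map((item, i) => sanitizeChartConfig(item, removed, `${path}[${i}]`));
  }
  if (!isPlainObject(value)) return value;
  const clean = {};
  for (const key of Object.keys(value)) {
    const here = path ? `${path}.${key}` : key;
    if (BLOCKED_KEYS.has(key)) {
      removed.push(here); // keep for logging or alerting
      continue;
    }
    clean[key] = sanitizeChartConfig(value[key], removed, here);
  }
  return clean;
}

// Hypothetical stand-in for a merge that does not check keys; this is NOT Chart.js code.
function uncheckedMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isPlainObject(source[key])) {
      if (!isPlainObject(target[key])) target[key] = {};
      uncheckedMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Constructed sample: chart config as it might arrive in an API response.
const SAMPLE_JSON = '{"type":"bar","options":{"legend":{"display":false},"__proto__":{"polluted":true}}}';

function buildChartConfig(json, defaults) {
  const removed = [];
  const config = sanitizeChartConfig(JSON.parse(json), removed);
  return { config: uncheckedMerge(defaults, config), removed };
}
```

This only covers configuration that passes through `sanitizeChartConfig`; it does not change the bundled library.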



Status

Answered

Specification of the issue
  • User: Free
  • Premium support: No
  • Technology: MDB jQuery
  • MDB Version: MDB4 4.20.0
  • Device: PC
  • Browser: all
  • OS: Linux
  • Provided sample code: No
  • Provided link: Yes