CVE-2023-46308 | plotly.js up to 2.25.1 API Call expandObjectPaths/nestedProperty code injection

CVE-2023-46308 | plotly.js up to 2.25.1 API Call expandObjectPaths/nestedProperty code injection

A vulnerability, which was classified as critical, was found in plotly.js up to 2.25.1. Affected is the function expandObjectPaths/nestedProperty of the component API Call Handler. The manipulation leads to code injection. This vulnerability is traded as CVE-2023-46308. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.