3Oca
CVE-2023-46308 | plotly.js up to 2.25.1 API Call expandObjectPaths/nestedProperty code injection
A vulnerability, which was classified as critical, was found in plotly.js up to 2.25.1. Affected is the functionexpandObjectPaths/nestedProperty
of the component API Call Handler. The manipulation leads to code injection.
This vulnerability is traded as CVE-2023-46308. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.