Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code when drawing graphs, unless the library was used with the `vega-interpreter`. Vega version 5.32.0 and vega-functions version 5.17.0 fix the issue. As a workaround, use `vega` with expression interpreter.

N/A

替代XSS语法转义处理不恰当

Vega 安全漏洞

Vega是Vega团队的一个基于Javscript可用来创建交互式可视化展示的软件。该软件可使用JSON格式描述数据可视化，并使用HTML5 Canvas或SVG生成交互式视图。 Vega 5.32.0之前版本存在安全漏洞，该漏洞源于可能运行意外JavaScript代码。

N/A

N/A