MEDIUM
CartoDB
CVE published 2026-07-18
CVE-2026-16151
A vulnerability was found in CartoDB carto-api-client version 0.5.29. The issue affects the addFilter function in the src/filters.ts file. Manipulation of the column argument leads to improperly controlled modification of object prototype attributes. The attack can be executed remotely. The project was informed early through an issue report but has not responded yet. This vulnerability has a CVSS score of [truncated]