CVE-2020-7746: 
JavaScript vulnerability analysis and mitigation

The vulnerability CVE-2020-7746 affects the Chart.js package versions before 2.9.4. The issue was discovered in 2020 and involves improper sanitization of the options parameter during processing. When options are processed, the existing options (or default options) are deeply merged with provided options, but the keys of the object being set are not properly checked (CVE Mitre).

The vulnerability is a prototype pollution issue that occurs during the deep merge operation of options processing. The root cause is that when the options are processed, the keys of the object being set are not validated, which can lead to prototype pollution. The fix involved using Object.create(null) as the merge target to prevent prototype pollution (GitHub PR).

The vulnerability can lead to prototype pollution, which is a type of attack where JavaScript's object prototype chain can be manipulated to inject or modify properties that all objects inherit by default. This could potentially affect the behavior of the application using Chart.js and lead to security issues (NVD).

The recommended mitigation is to upgrade Chart.js to version 2.9.4 or later, which includes the fix for this vulnerability. The fix implements proper object creation using Object.create(null) as the merge target to prevent prototype pollution (GitHub PR).