CVE-2024-39016

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-1321
View all →

Vulnerability Description

che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function assign. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Related Vulnerabilities

CVE-2020-28460

HIGH
CVSS:8.1(High)

This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448.

CWE-13212020

CVE-2020-36604

HIGH
CVSS:8.1(High)

hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.

CWE-13212020

CVE-2020-7644

HIGH
CVSS:8.1(High)

fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.

CWE-13212020

CVE-2020-7748

HIGH
CVSS:8.1(High)

This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attack...

CWE-13212020

CVE-2022-25645

HIGH
CVSS:8.1(High)

All versions of package dset are vulnerable to Prototype Pollution via 'dset/merge' mode, as the dset function checks for prototype pollution by validating if the top-level path contains __proto__, co...

CWE-13212022

CVE-2024-29651

HIGH
CVSS:8.1(High)

A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle()`, `parse()`, `resolve()`, `dereference() f...

CWE-13212024