Lucene search
MitreCVE-2024-36572HistoryJul 30, 2024 - 8:15 p.m.
CVE-2024-36572
2024-07-3020:15:03
CWE-1321
mitre
web.nvd.nist.gov
28
cve-2024-36572
prototype pollution
allpro form-manager
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.6
Confidence
Low
EPSS
0.001
Percentile
50.1%
Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefaults, mergeBranch, and Object.setObjectValue.
Affected configurations
Node
allproformmanager_data_handlerMatch0.7.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| allpro | formmanager_data_handler | 0.7.4 | cpe:2.3:a:allpro:formmanager_data_handler:0.7.4:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2024-36572
2024-07-30 00:00:00
veracode
veracode
Prototype Pollution
2024-08-01 08:59:26
vulnrichment
vulnrichment
CVE-2024-36572
2024-07-30 00:00:00
nvd
nvd
CVE-2024-36572
2024-07-30 20:15:03
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.6
Confidence
Low
EPSS
0.001
Percentile
50.1%
Related for CVE-2024-36572