Lucene search
MitreCVE-2024-39011HistoryJul 30, 2024 - 8:15 p.m.
CVE-2024-39011
2024-07-3020:15:04
CWE-1321
mitre
web.nvd.nist.gov
29
prototype pollution
chargeover redoc
v2.0.9-rc.69
code execution
dos
mergeobjects
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.9
Confidence
High
EPSS
0.001
Percentile
43.7%
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects.
Affected configurations
Node
chargeoverredocMatch2.0.9rc69node.js
| Vendor | Product | Version | CPE |
|---|---|---|---|
| chargeover | redoc | 2.0.9 | cpe:2.3:a:chargeover:redoc:2.0.9:rc69:*:*:*:node.js:*:* |
Related
nvd
nvd
CVE-2024-39011
2024-07-30 20:15:04
cvelist
cvelist
CVE-2024-39011
2024-07-30 00:00:00
vulnrichment
vulnrichment
CVE-2024-39011
2024-07-30 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.9
Confidence
High
EPSS
0.001
Percentile
43.7%
Related for CVE-2024-39011