Lucene search
MitreCVE-2024-39012HistoryJul 30, 2024 - 8:15 p.m.
CVE-2024-39012
2024-07-3020:15:04
CWE-1321
mitre
web.nvd.nist.gov
30
ais-ltd strategyen
v0.4.0
prototype pollution
vulnerability
arbitrary code
denial of service
dos
injection
cve-2024-39012
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.3
Confidence
High
EPSS
0.001
Percentile
43.7%
ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
Affected configurations
Node
aisstrategyenMatch0.4.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ais | strategyen | 0.4.0 | cpe:2.3:a:ais:strategyen:0.4.0:*:*:*:*:*:*:* |
Related
vulnrichment
vulnrichment
CVE-2024-39012
2024-07-30 00:00:00
nvd
nvd
CVE-2024-39012
2024-07-30 20:15:04
veracode
veracode
Prototype Pollution
2024-08-01 07:26:07
cvelist
cvelist
CVE-2024-39012
2024-07-30 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.3
Confidence
High
EPSS
0.001
Percentile
43.7%
Related for CVE-2024-39012