ag-grid packages vulnerable to Prototype Pollution

2024-07-0115:32:20

CWE-1321

GitHub Advisory Database

github.com

ag-grid

prototype pollution

vulnerability

software

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

8.2

Confidence

High

JSON

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Affected configurations

Vulners

Node

ag-gridag-grid-enterpriseRange<31.3.4

ag-gridag-grid-communityRange<31.3.4

ag-grid-enterprisechartsRange<31.3.4

ag-gridag-grid-enterpriseMatch32.0.0

ag-gridag-grid-communityMatch32.0.0

ag-grid-enterprisechartsMatch32.0.0

VendorProductVersionCPE
ag-gridag-grid-enterprise*cpe:2.3:a:ag-grid:ag-grid-enterprise:*:*:*:*:*:*:*:*
ag-gridag-grid-community*cpe:2.3:a:ag-grid:ag-grid-community:*:*:*:*:*:*:*:*
ag-grid-enterprisecharts*cpe:2.3:a:ag-grid-enterprise:charts:*:*:*:*:*:*:*:*
ag-gridag-grid-enterprise32.0.0cpe:2.3:a:ag-grid:ag-grid-enterprise:32.0.0:*:*:*:*:*:*:*
ag-gridag-grid-community32.0.0cpe:2.3:a:ag-grid:ag-grid-community:32.0.0:*:*:*:*:*:*:*
ag-grid-enterprisecharts32.0.0cpe:2.3:a:ag-grid-enterprise:charts:32.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ag-grid	ag-grid-enterprise	*	cpe:2.3:a:ag-grid:ag-grid-enterprise::::::::
ag-grid	ag-grid-community	*	cpe:2.3:a:ag-grid:ag-grid-community::::::::
ag-grid-enterprise	charts	*	cpe:2.3:a:ag-grid-enterprise:charts::::::::
ag-grid	ag-grid-enterprise	32.0.0	cpe:2.3:a:ag-grid:ag-grid-enterprise:32.0.0:::::::*
ag-grid	ag-grid-community	32.0.0	cpe:2.3:a:ag-grid:ag-grid-community:32.0.0:::::::*
ag-grid-enterprise	charts	32.0.0	cpe:2.3:a:ag-grid-enterprise:charts:32.0.0:::::::*