Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-1A270B0D07E2488179AF3DCA5EC7D241

HistoryJul 01, 2024 - 12:00 a.m.

ag-grid packages vulnerable to Prototype Pollution

2024-07-0100:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

ag-grid

v31.3.2

prototype pollution

vulnerability

arbitrary code

denial of service

software

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

8.1

Confidence

High

JSON

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Affected configurations

Vulners

Node

npmchartsRange<32.0.1

VendorProductVersionCPE
npmcharts*cpe:2.3:a:npm:charts:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
npm	charts	*	cpe:2.3:a:npm:charts::::::::

References

gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa

gist.github.com/mestrtee/c1590660750744f25e86ba1bf240844b

gist.github.com/mestrtee/f8037d492dab0d77bca719e05d31c08b

github.com/advisories/GHSA-328p-362g-r48j

github.com/ag-grid/ag-grid

github.com/ag-grid/ag-grid/commit/78fb47f6c996f22c0b7184afb29620ab8c240522

github.com/ag-grid/ag-grid/issues/8261

nvd.nist.gov/vuln/detail/CVE-2024-39001

www.ag-grid.com/changelog/?fixVersion=32.0.1