GoogleOSV:GHSA-328P-362G-R48Jag-grid packages vulnerable to Prototype Pollution
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
High
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
References
gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa
gist.github.com/mestrtee/c1590660750744f25e86ba1bf240844b
gist.github.com/mestrtee/f8037d492dab0d77bca719e05d31c08b
github.com/ag-grid/ag-grid
github.com/ag-grid/ag-grid/commit/78fb47f6c996f22c0b7184afb29620ab8c240522
github.com/ag-grid/ag-grid/commit/ff731699453f2632d4852b3a3c34b479c406068c
github.com/ag-grid/ag-grid/issues/8261
nvd.nist.gov/vuln/detail/CVE-2024-39001
www.ag-grid.com/changelog/?fixVersion=31.3.4
www.ag-grid.com/changelog/?fixVersion=32.0.1
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
High