Lucene search

GoogleOSV:UBUNTU-CVE-2024-38999

HistoryJul 01, 2024 - 1:15 p.m.

UBUNTU-CVE-2024-38999

2024-07-0113:15:00

Google

osv.dev

ubuntu

cve-2024-38999

requirejs

prototype pollution

denial of service

software

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

JSON

jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

References

gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a

ubuntu.com/security/CVE-2024-38999

www.cve.org/CVERecord?id=CVE-2024-38999

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

JSON

Related for OSV:UBUNTU-CVE-2024-38999