Lucene search

Redhat.comRH:CVE-2024-38998

HistoryJul 01, 2024 - 5:51 p.m.

CVE-2024-38998

2024-07-0117:51:20

redhat.com

access.redhat.com

requirejs

object behavior

denial of service

code execution

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

A flaw was found in RequireJS. This flaw allows an attacker to alter the behavior of all objects inheriting from the affected prototype by passing arguments to the config function crafted with the built-in property: proto. This issue can potentially lead to a denial of service, remote code execution, or Cross-site scripting.

References

bugzilla.redhat.com/show_bug.cgi?id=2294942

gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a

nvd.nist.gov/vuln/detail/CVE-2024-38998

www.cve.org/CVERecord?id=CVE-2024-38998

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for RH:CVE-2024-38998