@adhawk/analytics-pixel-loader (>=0.0.2 <=2.0.2), @adhawk/analytics.js-integration-freshdesk (=0.1.0) +143 more potentially affected by CVE-2024-57066 via @ndhoule/defaults (=2.0.1)

@ndhoule/defaults NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @ndhoule/defaults and may be impacted: - @adhawk/analytics-pixel-loader =0.0.2, =1.2.0, =1.0.0, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.1.0 -...

CVE-2024-57066

A prototype pollution in the lib.deep function of @ndhoule/defaults v2.0.1 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...

CVE-2024-57066

CVE-2024-57066 targets the @ndhoule/defaults library. The root cause is a prototype pollution in the lib.deep function of v2.0.1, allowing crafted payloads to trigger a Denial of Service (DoS). Public documentation consistently links this to a DoS vector with network access and no user interactio...