2 matches found
@amoy/animate (>=0.1.0 <=0.1.8), @amoy/query (>=0.1.1 <=0.4.3) +4 more potentially affected by CVE-2024-38994 via @amoy/common (=1.0.10)
@amoy/common NPM version =1.0.10 is affected by a known vulnerability. The following packages have a transitive dependency on @amoy/common and may be impacted: - @amoy/animate =0.1.0, =0.1.1, =1.0.0, =0.1.0, =1.0.1, =1.0.42 - react-webgl.js =0.0.1 Source cves: CVE-2024-38994 Source advisory:...
CVE-2024-38994
amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...