Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

42 matches found

OSV
OSVadded 2024/07/01 1:15 p.m.0 views

UBUNTU-CVE-2024-38999

jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts..configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

10CVSS7AI score0.00283EPSS
Exploits0References3
UbuntuCve
UbuntuCveadded 2024/07/01 1:15 p.m.27 views

CVE-2024-38999

jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts..configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

10CVSS7.1AI score0.00283EPSS
Exploits0References2
Cvelist
Cvelistadded 2024/07/01 12:0 a.m.22 views

CVE-2024-38998

...

Exploits2
Positive Technologies
Positive Technologiesadded 2024/07/01 12:0 a.m.5 views

PT-2024-28314

Name of the Vulnerable Software and Affected Versions requirejs version 2.3.6 Description The issue is related to a prototype pollution vulnerability via the function s.contexts. .configure. This allows attackers to execute arbitrary code or cause a Denial of Service DoS by injecting arbitrary...

10CVSS7.7AI score0.92879EPSS
Exploits9References41
CVE
CVEadded 2024/07/01 12:0 a.m.314 views

CVE-2024-38999

CVE-2024-38999 stems from a prototype pollution in jrburke/requirejs when calling the function s.contexts._.configure, enabling remote attackers to execute arbitrary code or cause a DoS via crafted requests. In the connected Jira advisory for Bitbucket Data Center/Server, this is described as a t...

10CVSS8.3AI score0.00283EPSS
Exploits0References1
CNNVD
CNNVDadded 2024/07/01 12:0 a.m.2 views

Number withdrawn

RequireJS is RequireJS open source a library . It is used to load normal JavaScript files as well as more defined modules. This CVE number has been withdrawn...

6.9AI score
Exploits2References3
Vulnrichment
Vulnrichmentadded 2024/07/01 12:0 a.m.24 views

CVE-2024-38999

jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts..configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

7.8AI score0.00283EPSS
Exploits0References1
CNNVD
CNNVDadded 2024/07/01 12:0 a.m.4 views

RequireJS Security Vulnerability

RequireJS is an open source library for RequireJS. It is used to load common JavaScript files as well as more defined modules. A security vulnerability exists in RequireJS version v2.3.6, which originates from the inclusion of prototype contamination via the function s.contexts..configure, allowi...

10CVSS7.7AI score0.00283EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2024/07/01 12:0 a.m.27 views

CVE-2024-38998

...

7.8AI score
Exploits2
Cvelist
Cvelistadded 2024/07/01 12:0 a.m.23 views

CVE-2024-38999

jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts..configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

0.00283EPSS
Exploits0References1
Debian CVE
Debian CVEadded 2024/07/01 12:0 a.m.21 views

CVE-2024-38999

jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts..configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

10CVSS7.1AI score0.00283EPSS
Exploits0
Veracode
Veracodeadded 2024/06/25 9:0 a.m.5 views

Sensitive Information Disclosure

typo3/cms is vulnerable to Sensitive Information Disclosure. The vulnerability is due to mechanisms used for configuration of RequireJS package loading, which can potentially allow an attacker to retrieve additional information about the installed system and third-party extensions...

6.8AI score
Exploits0
OSV
OSVadded 2024/06/07 6:28 p.m.8 views

GHSA-F624-8HFQ-5FH3 TYPO3 Information Disclosure of Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party extensions...

5.3CVSS6.7AI score
Exploits0References5
Github Security Blog
Github Security Blogadded 2024/06/07 6:28 p.m.9 views

TYPO3 Information Disclosure of Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party extensions...

6.7AI score
Exploits0References5Affected Software1
Veracode
Veracodeadded 2024/06/04 9:32 a.m.8 views

Information Disclosure

typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to Inline JavaScript settings within the RequireJS package, which allows an attacker to retrieve additional information about the installed system and third-party extensions...

6.6AI score
Exploits0
OSV
OSVadded 2024/05/30 6:13 p.m.10 views

GHSA-P2H4-7FP3-CMH8 TYPO3 Disclosure of Information about Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party extensions...

5.3CVSS6.7AI score
Exploits0References4
Github Security Blog
Github Security Blogadded 2024/05/30 6:13 p.m.14 views

TYPO3 Disclosure of Information about Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party extensions...

6.7AI score
Exploits0References5Affected Software1
Positive Technologies
Positive Technologiesadded 2024/05/30 12:0 a.m.3 views

PT-2024-40385 · Requirejs · Requirejs

Name of the Vulnerable Software and Affected Versions: RequireJS affected versions not specified Description: A potential issue has been discovered in the mechanisms used for configuration of RequireJS package loading, making it susceptible to information disclosure. This could allow a potential...

5.3CVSS6.8AI score
Exploits0References5
Snyk
Snykadded 2023/04/10 11:41 a.m.3 views

Prototype Pollution

Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Prototype Pollution via the config function, due to improper sanitization of its parameter content. Note: This advisory is revoked as a duplicate of CVE-2024-38999. PoC js var requirejs=...

10CVSS7.3AI score0.00283EPSS
Exploits0References2
OSV
OSVadded 2022/06/20 8:18 p.m.7 views

MAL-2022-5758 Malicious code in requirejs-injector (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d97c2ea570f4f2be827b6b8f1bbaff3230a6c0824401db8ce32b7d19d570bbb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder