CVE-2024-38996

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

@engagio/engagio-ui (>=0.1.1 <=1.12.14), @engagio/engagio-ui-grid (>=3.0.0-0 <=3.0.1-0) +12 more potentially affected by unknown CVE via ag-grid (>=11.0.0 <=13.3.1)

ag-grid NPM version =11.0.0, =0.1.1, =3.0.0-0, =0.5.0, =0.6.0, =0.1.0, =0.0.8, =0.0.1, =1.1.10, =0.0.1, =1.1.4 - vc-react-grid =1.0.0 - velocity-component-library =0.0.0 Source cves: unknown CVE Source advisory: OSV:GHSA-7P6W-X2GR-RRF8...