CVE-2024-38996

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

@nokecy/qc-ui (>=0.4.7 <=0.9.6), ag-grid-charts-enterprise (=32.0.0) +3 more potentially affected by CVE-2024-39001 via ag-grid-community (=32.0.0)

ag-grid-community NPM version =32.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on ag-grid-community and may be impacted: - @nokecy/qc-ui =0.4.7, =0.9.6 - ag-grid-charts-enterprise =32.0.0 - ag-grid-enterprise =32.0.0 - ag-grid-react =32.0.0 -...

5p-buyform (>=0.0.1 <=0.0.4), 5paisa-tradingview-webhook (>=0.0.1 <=0.0.2) +588 more potentially affected by CVE-2024-38996 via ag-grid-community (>=19.0.0 <=31.3.2)

ag-grid-community NPM version =19.0.0, =0.0.1, =0.0.1, =0.0.4, =0.0.1, =0.1.1, =14.3.14, =0.0.15, =0.1.43, =0.0.1, =0.1.46, =0.0.0-6.1-rc-20220114175111, =4.4.1-alpha.8, =1.1.0, =0.1.4, =0.2.7 and more Source cves: CVE-2024-38996 Source advisory: OSV:GHSA-876P-C77M-X2HC...

Prototype pollution in ag-grid-community via the _.mergeDeep function

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties. Prior versions were also found ...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview org.webjars.npm:ag-grid-community is a fully-featured and highly customizable JavaScript data grid. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the .mergeDeep function. An attacker can execute...

CVE-2024-38996

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-38996

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-38996

CVE-2024-38996 affects ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 via prototype pollution in the _.mergeDeep function. Root cause: pollution of object prototypes may allow attacker-controlled properties to impact application state, with potential for arbitrary code execution or Deni...

CVE-2024-38996

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

Cross-site Scripting (XSS)

ag-grid-community is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute malicious Javascript on a user's browser via the function loadTemplate...

ag-grid Cross-Site Scripting vulnerability

Versions of ag-grid prior to 14.0.0 are vulnerable to Cross-Site Scripting XSS. Grid contents are not properly sanitized and may allow attackers to execute arbitrary JavaScript if user input is rendered in the grid. Recommendation Upgrade to version 14.0.0 or later...

GHSA-7P6W-X2GR-RRF8 ag-grid Cross-Site Scripting vulnerability

Versions of ag-grid prior to 14.0.0 are vulnerable to Cross-Site Scripting XSS. Grid contents are not properly sanitized and may allow attackers to execute arbitrary JavaScript if user input is rendered in the grid. Recommendation Upgrade to version 14.0.0 or later...

Cross-Site Scripting

Overview Versions of ag-grid-community prior to 14.0.0 are vulnerable to Cross-Site Scripting XSS. Grid contents are not properly sanitized and may allow attackers to execute arbitrary JavaScript if user input is rendered in the grid. Recommendation Upgrade to version 14.0.0 or later References -...