CVE-2024-39001

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-38996

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

Prototype Pollution

ag-grid-enterprise is vulnerable to Prototype Pollution. The vulnerability is due to the functions .mergeDeep, ModuleSupport.jsonApply, ModuleSupport.setPath, and Util.jsonApply accepting arguments that include the built-in property proto. Attackers can exploit this by passing specially crafted...

@nokecy/qc-ui (>=0.4.7 <=0.9.6), ag-grid-charts-enterprise (=32.0.0) +3 more potentially affected by CVE-2024-39001 via ag-grid-community (=32.0.0)

ag-grid-community NPM version =32.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on ag-grid-community and may be impacted: - @nokecy/qc-ui =0.4.7, =0.9.6 - ag-grid-charts-enterprise =32.0.0 - ag-grid-enterprise =32.0.0 - ag-grid-react =32.0.0 -...

5p-buyform (>=0.0.1 <=0.0.4), 5paisa-tradingview-webhook (>=0.0.1 <=0.0.2) +233 more potentially affected by CVE-2024-39001 via ag-grid-enterprise (>=12.0.2 <=31.3.2)

ag-grid-enterprise NPM version =12.0.2, =0.0.1, =0.0.1, =1.0.21, =0.0.70, =0.1.43, =0.0.1, =0.1.46, =0.0.1, =0.0.1-rc.0, =4.0.0-alpha, =2.0.0, =1.1.0, =1.0.1, =0.0.0, =0.0.1-991 and more Source cves: CVE-2024-39001 Source advisory: OSV:GHSA-328P-362G-R48J...

@ag-grid-enterprise/all-modules (>=22.0.0 <=27.3.0), @ag-grid-enterprise/charts-enterprise (>=31.1.0 <=31.3.3) +55 more potentially affected by CVE-2024-39001 via @ag-grid-enterprise/charts (>=22.0.0 <=31.3.3)

@ag-grid-enterprise/charts NPM version =22.0.0, =22.0.0, =31.1.0, =0.1.43, =0.0.1, =0.1.46, =0.0.1, =0.0.6, =2.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2024-39001 Source advisory: OSV:GHSA-328P-362G-R48J...

GHSA-328P-362G-R48J ag-grid packages vulnerable to Prototype Pollution

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

5p-buyform (>=0.0.1 <=0.0.4), 5paisa-tradingview-webhook (>=0.0.1 <=0.0.2) +233 more potentially affected by CVE-2024-38996 via ag-grid-enterprise (>=12.0.2 <=31.3.2)

ag-grid-enterprise NPM version =12.0.2, =0.0.1, =0.0.1, =1.0.21, =0.0.70, =0.1.43, =0.0.1, =0.1.46, =0.0.1, =0.0.1-rc.0, =4.0.0-alpha, =2.0.0, =1.1.0, =1.0.1, =0.0.0, =0.0.1-991 and more Source cves: CVE-2024-38996 Source advisory: OSV:GHSA-876P-C77M-X2HC...

Prototype pollution in ag-grid-community via the _.mergeDeep function

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties. Prior versions were also found ...

CVE-2024-38996

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-39001

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-39001

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-38996

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-39001

CVE-2024-39001 affects ag-grid-enterprise v31.3.2, with a prototype pollution path through the _ModuleSupport.jsonApply component. The vulnerability allows an attacker to inject arbitrary properties, enabling arbitrary code execution or DoS, as described in the provided documents. The CVE is corr...

CVE-2024-39001

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-38996

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-39001

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-38996

CVE-2024-38996 affects ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 via prototype pollution in the _.mergeDeep function. Root cause: pollution of object prototypes may allow attacker-controlled properties to impact application state, with potential for arbitrary code execution or Deni...