11 matches found
CVE-2024-39001
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
Prototype Pollution
ag-grid-enterprise is vulnerable to Prototype Pollution. The vulnerability is due to the functions .mergeDeep, ModuleSupport.jsonApply, ModuleSupport.setPath, and Util.jsonApply accepting arguments that include the built-in property proto. Attackers can exploit this by passing specially crafted...
Prototype pollution in ag-grid-community via the _.mergeDeep function
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties. Prior versions were also found ...
CVE-2024-38996
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
CVE-2024-39001
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
CVE-2024-39001
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
CVE-2024-38996
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
CVE-2024-38996
CVE-2024-38996 affects ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 via prototype pollution in the _.mergeDeep function. Root cause: pollution of object prototypes may allow attacker-controlled properties to impact application state, with potential for arbitrary code execution or Deni...
CVE-2024-39001
CVE-2024-39001 affects ag-grid-enterprise v31.3.2, with a prototype pollution path through the _ModuleSupport.jsonApply component. The vulnerability allows an attacker to inject arbitrary properties, enabling arbitrary code execution or DoS, as described in the provided documents. The CVE is corr...
CVE-2024-38996
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
CVE-2024-39001
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...