Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/03/30 12:58 a.m.19 views

CVE-2024-38985

janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set method at setIn lib/index.js:90. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

9.8CVSS8.6AI score0.00741EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2025/03/28 9:30 p.m.6 views

@51yzone/pc-components (>=1.0.2 <=1.2.27), @ahooksjs/antd-form-table (>=0.2.1 <=0.2.15-alpha.1) +186 more potentially affected by CVE-2024-38985 via cool-path (=0.1.32)

cool-path NPM version =0.1.32 is affected by a known vulnerability. The following packages have a transitive dependency on cool-path and may be impacted: - @51yzone/pc-components =1.0.2, =0.2.1, =0.0.1, =0.0.1, =0.2.10, =0.2.10, =0.0.1, =1.0.0, =0.1.11, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.9-beta...

9.8CVSS5.8AI score0.00741EPSS
Exploits1
NVD
NVD
added 2025/03/28 9:15 p.m.15 views

CVE-2024-38985

janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set method at setIn lib/index.js:90. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

9.8CVSS0.00741EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/28 12:0 a.m.24 views

CVE-2024-38985

janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set method at setIn lib/index.js:90. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

0.00741EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/28 12:0 a.m.6 views

CVE-2024-38985

janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set method at setIn lib/index.js:90. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

8.5AI score0.00741EPSS
Exploits1References2
CVE
CVE
added 2025/03/28 12:0 a.m.57 views

CVE-2024-38985

Prototype pollution in depath v1.0.6 and cool-path v1.1.2 via the set() method in setIn (lib/index.js:90). This allows injection of arbitrary properties and may enable arbitrary code execution or DoS. Affected: janryWang depath v1.0.6 and janryWang cool-path v1.1.2. Public references confirm the ...

9.8CVSS8.5AI score0.00741EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder