10 matches found
Prototype Pollution
Redoc is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the Module.mergeObjects component, allowing attackers to manipulate the prototype chain and introduce malicious payloads, which can trigger a Denial of Service (DoS)...
Redoc Prototype Pollution via `Module.mergeObjects` Component
A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc = 2.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...
@abios/abios-redoc-cli (>=0.12.4 <=0.15.0), @acmekit/acmekit-oas-cli (>=2.13.1 <=2.13.94) +58 more potentially affected by CVE-2024-57083 via redoc (>=0.5.2 <=2.2.0)
redoc NPM version =0.5.2, =0.12.4, =2.13.1, =2.13.1, =0.0.1, =1.0.0, =2.6.10, =1.0.0, =1.0.1, =1.18.2, =0.0.2, =0.1.4, =0.1.0, =0.2.1, =9.0.0, =9.7.3 and more Source cves: CVE-2024-57083 Source advisory: OSV:GHSA-9RHG-254W-FH9X...
GHSA-9RHG-254W-FH9X Redoc Prototype Pollution via `Module.mergeObjects` Component
A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc = 2.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...
CVE-2024-57083
A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc = 2.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...
CVE-2024-57083
A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc = 2.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...
CVE-2024-57083
CVE-2024-57083 describes a prototype pollution in the Redoc library, specifically the Module.mergeObjects function in redoc
de.gsi.acc:chartfx-acc (>=11.2.2 <=11.2.7), de.gsi.report:chartfx-report (>=11.2.2 <=11.2.7) +16 more potentially affected by CVE-2024-57083 via org.webjars.npm:redoc (>=2.0.0-rc.23 <=2.1.4)
org.webjars.npm:redoc MAVEN version =2.0.0-rc.23, =11.2.2, =11.2.2, =11.2.2, =11.2.2, =5.0.0, =5.0.0, =3.9.0, =3.9.0, =2.5.0, =2.5.0, =3.0.0, =11.0.0, =0.7.13, =0.7.13, =0.8.3, =0.8.4 and more Source cves: CVE-2024-57083 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-8664935...
io.github.shuigedeng:taotao-boot-demo (>=2025.02 <=2025.12), io.github.shuigedeng:taotao-boot-starter-dubbo (>=2025.02 <=2026.05) +6 more potentially affected by CVE-2024-57083 via org.webjars:redoc (>=2.0.0 <=2.5.1)
org.webjars:redoc MAVEN version =2.0.0, =2025.02, =2025.02, =2025.02, =5.0.0, =3.3.3, =5.40.0.0, =4.41.4.0, =5.47.0.0 Source cves: CVE-2024-57083 Source advisory: SNYK:JAVA-ORGWEBJARS-8664934...
Redoc Security Vulnerability
Redoc is an open source tool from Redocly Open Source. It is used to generate documentation from OpenAPI definitions. A security vulnerability exists in Redoc version v2.0.9-rc.69. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service...