CVE-2024-38988
CVE-2024-38988
9.8
CriticalPublished:
Last updated:
Source:cve@mitre.org
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
References
134c704f-9b21-4f2e-91b3-4a467353bcc0
https://gist.github.com/mestrtee/4c5dfb66bea377889c44dd6c8af28713