CVE-2024-10359

CVSS v3 Score: 4.6 (Medium)

Vulnerability Description

In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. This allows an attacker to inject a different user ID into the preset object, causing the preset to appear in the UI of another user. The vulnerability arises because the backend saves the entire object received without validating the attributes and their values, impacting both integrity and confidentiality.
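The pattern described above, shown next to a hardened handler. This is an added example, not LibreChat's code: the field names (`user`, `title`, `model`, `temperature`), the validators and the in-memory store are assumptions made for illustration.

```javascript
// Hypothetical preset schema: field names and limits are assumptions, not LibreChat's.
const PRESET_FIELDS = {
  title: (v) => typeof v === 'string' && v.length > 0 && v.length <= 100,
  model: (v) => typeof v === 'string' && v.length <= 100,
  temperature: (v) => typeof v === 'number' && v >= 0 && v <= 2,
};

// Flawed pattern from the description: the whole request body is persisted,
// so a client-supplied owner field overrides the authenticated user.
function savePresetUnsafe(store, sessionUserId, body) {
  const preset = { user: sessionUserId, ...body };
  store.push(preset);
  return preset;
}

// Hardened pattern: copy only allowlisted, validated fields and take the
// owner from the server-side session, never from the request body.
function savePresetSafe(store, sessionUserId, body) {
  const preset = Object.create(null);
  for (const [name, isValid] of Object.entries(PRESET_FIELDS)) {
    if (!Object.hasOwn(body, name)) continue;
    if (!isValid(body[name])) throw new TypeError(`invalid value for ${name}`);
    preset[name] = body[name];
  }
  preset.user = sessionUserId;
  store.push(preset);
  return preset;
}

// What a given user's preset list would contain.
function presetsFor(store, userId) {
  return store.filter((p) => p.user === userId);
}

// Constructed request body: the client includes an owner field it should not control.
const body = JSON.parse('{"title":"demo","model":"example-model","user":"user-B"}');
const unsafeStore = [];
const safeStore = [];
savePresetUnsafe(unsafeStore, 'user-A', body);
savePresetSafe(safeStore, 'user-A', body);
console.log('unsafe store, presets listed for user-B:', presetsFor(unsafeStore, 'user-B').length);
console.log('safe store, presets listed for user-B:', presetsFor(safeStore, 'user-B').length);
```

A regression test for this class of bug submits a body containing the owner field and asserts that the stored record's owner equals the session user.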
