CVE-2024-39008

CRITICAL Year: 2024
CVSS v3 Score
10.0
Critical
Weakness Type
CWE-1321
View all →

Vulnerability Description

robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function objectMergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Related Vulnerabilities

CVE-2020-12079

CRITICAL
CVSS:10.0(Critical)

Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-po...

CWE-13212020

CVE-2021-23449

CRITICAL
CVSS:10.0(Critical)

This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.

CWE-13212021

CVE-2021-23594

CRITICAL
CVSS:10.0(Critical)

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.

CWE-13212021

CVE-2023-26121

CRITICAL
CVSS:10.0(Critical)

All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content.

CWE-13212023

CVE-2023-3696

CRITICAL
CVSS:10.0(Critical)

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.

CWE-13212023

CVE-2024-38999

CRITICAL
CVSS:10.0(Critical)

jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Ser...

CWE-13212024