CVE-2024-45277

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-1321
View all →

Vulnerability Description

The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.

Related Vulnerabilities

CVE-2019-10806

MEDIUM
CVSS:4.3(Medium)

vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.

CWE-13212019

CVE-2021-23408

MEDIUM
CVSS:4.3(Medium)

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using ...

CWE-13212021

CVE-2024-2495

MEDIUM
CVSS:4.4(Medium)

Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of ...

CWE-13212024

CVE-2023-30857

LOW
CVSS:3.7(Low)

@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when me...

CWE-13212023

CVE-2020-7600

MEDIUM
CVSS:5.3(Medium)

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused ...

CWE-13212020

CVE-2020-7608

MEDIUM
CVSS:5.3(Medium)

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.

CWE-13212020