CVE-2024-21548

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-21548

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21548.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-21548

Aliases

GHSA-v9mx-4pqq-h232

Published

2024-12-18T06:15:23Z

Modified

2025-01-15T05:07:47.490904Z

Summary

[none]

Details

Versions of the package bun before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun's APIs that accept objects.

References

Affected packages

Git / github.com/oven-sh/bun

Affected ranges

Type: GIT
Repo: https://github.com/oven-sh/bun
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a234e067a5dc7837602df3fb5489e826920cc65a

Affected versions

Other

09-07-231835-2021

build-8

bun-build-

bun-build-8

canary

not-quite-v0

bun-v0.*

bun-v0.0.0-10

bun-v0.0.0-11

bun-v0.0.0-12

bun-v0.0.0-13

bun-v0.0.0-14

bun-v0.0.0-15

bun-v0.0.0-8

bun-v0.0.0-9

bun-v0.0.15

bun-v0.0.16

bun-v0.0.17

bun-v0.0.18

bun-v0.0.19

bun-v0.0.20

bun-v0.0.21

bun-v0.0.22

bun-v0.0.23

bun-v0.0.24

bun-v0.0.25

bun-v0.0.26

bun-v0.0.27

bun-v0.0.28

bun-v0.0.29

bun-v0.0.30

bun-v0.0.31

bun-v0.0.32

bun-v0.0.34

bun-v0.0.35

bun-v0.0.36

bun-v0.0.37

bun-v0.0.38

bun-v0.0.39

bun-v0.0.40

bun-v0.0.41

bun-v0.0.42

bun-v0.0.43

bun-v0.0.44

bun-v0.0.45

bun-v0.0.46

bun-v0.0.48

bun-v0.0.49

bun-v0.0.50

bun-v0.0.51

bun-v0.0.52

bun-v0.0.53

bun-v0.0.54

bun-v0.0.55

bun-v0.0.56

bun-v0.0.57

bun-v0.0.58

bun-v0.0.59

bun-v0.0.60

bun-v0.0.61

bun-v0.0.62

bun-v0.0.63

bun-v0.0.64

bun-v0.0.65

bun-v0.0.66

bun-v0.0.68

bun-v0.0.69

bun-v0.0.70

bun-v0.0.71

bun-v0.0.72

bun-v0.0.73

bun-v0.0.74

bun-v0.0.75

bun-v0.0.76

bun-v0.0.77

bun-v0.0.78

bun-v0.0.79

bun-v0.0.80

bun-v0.0.81

bun-v0.0.82

bun-v0.0.83

bun-v0.1.0

bun-v0.1.1

bun-v0.1.10

bun-v0.1.11

bun-v0.1.12

bun-v0.1.13

bun-v0.1.2

bun-v0.1.3

bun-v0.1.4

bun-v0.1.5

bun-v0.1.6

bun-v0.1.7

bun-v0.1.8

bun-v0.1.9

bun-v0.2.0

bun-v0.2.1

bun-v0.2.2

bun-v0.3.0

bun-v0.4.0

bun-v0.5.0

bun-v0.5.1

bun-v0.5.2

bun-v0.5.3

bun-v0.5.4

bun-v0.5.5

bun-v0.5.6

bun-v0.5.7

bun-v0.5.8

bun-v0.5.9

bun-v0.6.0

bun-v0.6.1

bun-v0.6.10

bun-v0.6.11

bun-v0.6.12

bun-v0.6.13

bun-v0.6.14

bun-v0.6.2

bun-v0.6.3

bun-v0.6.4

bun-v0.6.5

bun-v0.6.6

bun-v0.6.7

bun-v0.6.8

bun-v0.6.9

bun-v0.7.0

bun-v0.7.1

bun-v0.7.2

bun-v0.7.3

bun-v0.8.0

bun-v0.8.1

bun-v1.*

bun-v1.0.0

bun-v1.0.1

bun-v1.0.10

bun-v1.0.11

bun-v1.0.12

bun-v1.0.13

bun-v1.0.14

bun-v1.0.15

bun-v1.0.16

bun-v1.0.17

bun-v1.0.18

bun-v1.0.19

bun-v1.0.2

bun-v1.0.20

bun-v1.0.21

bun-v1.0.22

bun-v1.0.23

bun-v1.0.24

bun-v1.0.25

bun-v1.0.26

bun-v1.0.27

bun-v1.0.28

bun-v1.0.29

bun-v1.0.3

bun-v1.0.30

bun-v1.0.31

bun-v1.0.32

bun-v1.0.33

bun-v1.0.34

bun-v1.0.35

bun-v1.0.36

bun-v1.0.4

bun-v1.0.5

bun-v1.0.6

bun-v1.0.7

bun-v1.0.8

bun-v1.0.9

bun-v1.1.0

bun-v1.1.1

bun-v1.1.10

bun-v1.1.11

bun-v1.1.12

bun-v1.1.13

bun-v1.1.14

bun-v1.1.15

bun-v1.1.16

bun-v1.1.17

bun-v1.1.18

bun-v1.1.19

bun-v1.1.2

bun-v1.1.20

bun-v1.1.21

bun-v1.1.22

bun-v1.1.23

bun-v1.1.24

bun-v1.1.25

bun-v1.1.26

bun-v1.1.27

bun-v1.1.28

bun-v1.1.29

bun-v1.1.3

bun-v1.1.4

bun-v1.1.5

bun-v1.1.6

bun-v1.1.7

bun-v1.1.8

bun-v1.1.9

v0.*

v0.0.0

v0.0.0-19

v0.0.0-20

v0.0.0-21

v0.1.1