CVE-2024-21548

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-21548
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21548.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-21548
Aliases
Published
2024-12-18T06:15:23Z
Modified
2025-01-15T05:07:47.490904Z
Summary
[none]
Details

Versions of the package bun before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun's APIs that accept objects.

References

Affected packages

Git / github.com/oven-sh/bun

Affected ranges

Type
GIT
Repo
https://github.com/oven-sh/bun
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

09-07-231835-2021
build-8
bun-build-
bun-build-8
canary
not-quite-v0

bun-v0.*

bun-v0.0.0-10
bun-v0.0.0-11
bun-v0.0.0-12
bun-v0.0.0-13
bun-v0.0.0-14
bun-v0.0.0-15
bun-v0.0.0-8
bun-v0.0.0-9
bun-v0.0.15
bun-v0.0.16
bun-v0.0.17
bun-v0.0.18
bun-v0.0.19
bun-v0.0.20
bun-v0.0.21
bun-v0.0.22
bun-v0.0.23
bun-v0.0.24
bun-v0.0.25
bun-v0.0.26
bun-v0.0.27
bun-v0.0.28
bun-v0.0.29
bun-v0.0.30
bun-v0.0.31
bun-v0.0.32
bun-v0.0.34
bun-v0.0.35
bun-v0.0.36
bun-v0.0.37
bun-v0.0.38
bun-v0.0.39
bun-v0.0.40
bun-v0.0.41
bun-v0.0.42
bun-v0.0.43
bun-v0.0.44
bun-v0.0.45
bun-v0.0.46
bun-v0.0.48
bun-v0.0.49
bun-v0.0.50
bun-v0.0.51
bun-v0.0.52
bun-v0.0.53
bun-v0.0.54
bun-v0.0.55
bun-v0.0.56
bun-v0.0.57
bun-v0.0.58
bun-v0.0.59
bun-v0.0.60
bun-v0.0.61
bun-v0.0.62
bun-v0.0.63
bun-v0.0.64
bun-v0.0.65
bun-v0.0.66
bun-v0.0.68
bun-v0.0.69
bun-v0.0.70
bun-v0.0.71
bun-v0.0.72
bun-v0.0.73
bun-v0.0.74
bun-v0.0.75
bun-v0.0.76
bun-v0.0.77
bun-v0.0.78
bun-v0.0.79
bun-v0.0.80
bun-v0.0.81
bun-v0.0.82
bun-v0.0.83
bun-v0.1.0
bun-v0.1.1
bun-v0.1.10
bun-v0.1.11
bun-v0.1.12
bun-v0.1.13
bun-v0.1.2
bun-v0.1.3
bun-v0.1.4
bun-v0.1.5
bun-v0.1.6
bun-v0.1.7
bun-v0.1.8
bun-v0.1.9
bun-v0.2.0
bun-v0.2.1
bun-v0.2.2
bun-v0.3.0
bun-v0.4.0
bun-v0.5.0
bun-v0.5.1
bun-v0.5.2
bun-v0.5.3
bun-v0.5.4
bun-v0.5.5
bun-v0.5.6
bun-v0.5.7
bun-v0.5.8
bun-v0.5.9
bun-v0.6.0
bun-v0.6.1
bun-v0.6.10
bun-v0.6.11
bun-v0.6.12
bun-v0.6.13
bun-v0.6.14
bun-v0.6.2
bun-v0.6.3
bun-v0.6.4
bun-v0.6.5
bun-v0.6.6
bun-v0.6.7
bun-v0.6.8
bun-v0.6.9
bun-v0.7.0
bun-v0.7.1
bun-v0.7.2
bun-v0.7.3
bun-v0.8.0
bun-v0.8.1

bun-v1.*

bun-v1.0.0
bun-v1.0.1
bun-v1.0.10
bun-v1.0.11
bun-v1.0.12
bun-v1.0.13
bun-v1.0.14
bun-v1.0.15
bun-v1.0.16
bun-v1.0.17
bun-v1.0.18
bun-v1.0.19
bun-v1.0.2
bun-v1.0.20
bun-v1.0.21
bun-v1.0.22
bun-v1.0.23
bun-v1.0.24
bun-v1.0.25
bun-v1.0.26
bun-v1.0.27
bun-v1.0.28
bun-v1.0.29
bun-v1.0.3
bun-v1.0.30
bun-v1.0.31
bun-v1.0.32
bun-v1.0.33
bun-v1.0.34
bun-v1.0.35
bun-v1.0.36
bun-v1.0.4
bun-v1.0.5
bun-v1.0.6
bun-v1.0.7
bun-v1.0.8
bun-v1.0.9
bun-v1.1.0
bun-v1.1.1
bun-v1.1.10
bun-v1.1.11
bun-v1.1.12
bun-v1.1.13
bun-v1.1.14
bun-v1.1.15
bun-v1.1.16
bun-v1.1.17
bun-v1.1.18
bun-v1.1.19
bun-v1.1.2
bun-v1.1.20
bun-v1.1.21
bun-v1.1.22
bun-v1.1.23
bun-v1.1.24
bun-v1.1.25
bun-v1.1.26
bun-v1.1.27
bun-v1.1.28
bun-v1.1.29
bun-v1.1.3
bun-v1.1.4
bun-v1.1.5
bun-v1.1.6
bun-v1.1.7
bun-v1.1.8
bun-v1.1.9

v0.*

v0.0.0
v0.0.0-19
v0.0.0-20
v0.0.0-21
v0.1.1