CVE-2024-38996

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-38996

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38996.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-38996

Aliases

GHSA-876p-c77m-x2hc

Related

Published

2024-07-01T13:15:05Z

Modified

2025-04-29T08:11:24.061717Z

Summary

[none]

Details

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

References

Affected packages

Git / github.com/ag-grid/ag-grid

Affected ranges

Type: GIT
Repo: https://github.com/ag-grid/ag-grid
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b632ff58db83fd24454dd027a676541581645c4b

Affected versions

1.*

1.0

1.1

1.10.0

1.10.1

1.11.0

1.11.1

1.12.0

1.12.1

1.12.2

1.12.3

1.12.4

1.12.5

1.12.6

1.12.7

1.12.8

1.13.0

1.14.0

1.14.1

1.15.0

1.15.1

1.16.0

1.16.1

1.2

1.3

1.4

1.4.1

1.5.0

1.6.0

1.7.0

1.8.0

1.8.1

1.9.0

1.9.1

1.9.2

10.*

10.0.0

10.0.1

10.1.0

11.*

11.0.0

12.*

12.0.0

12.0.1

12.0.2

13.*

13.0.0

13.0.1

13.0.2

13.1.0

13.1.1

13.1.2

13.2.0

13.3.0

13.3.1

14.*

14.0.0

14.1.0

14.1.1

14.2.0

15.*

15.0.0

16.*

16.0.0

16.0.1

17.*

17.0.0

17.1.0

17.1.1

18.*

18.0.0

18.0.1

18.1.0

18.1.1

18.1.2

19.*

19.0.0

19.0.1

19.1.1

19.1.2

19.1.3

2.*

2.0.0

2.0.1

2.1.0

2.1.1

2.1.2

2.1.3

2.2.0

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

3.*

3.0.0

3.1.0

3.1.1

3.1.2

3.2.0

3.2.1

3.2.2

3.3.0

3.3.0-alpha.1

3.3.1

3.3.2

3.3.3

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.1.0

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

5.*

5.0.0

5.0.0-alpha.0

5.0.0-alpha.1

5.0.0-alpha.3

5.0.0-alpha.4

5.0.0-alpha.5

5.0.0-alpha.6

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.1.1

5.1.2

5.2.0

5.3.0

5.3.1

5.4.0

6.*

6.0.0

6.0.1

6.1.0

6.2.0

6.2.1

6.3.0

6.4.0

6.4.1

6.4.2

7.*

7.0.0

7.0.2

7.1.0

7.2.0

7.2.1

7.2.2

8.*

8.0.0

8.0.1

8.1.0

8.1.1

8.2.0

9.*

9.0.0

9.0.2

9.0.4

9.1.0

v25.*

v25.2.0

v26.*

v26.0.0

v26.1.0

v26.2.0

v27.*

v27.0.0

v27.0.1

v27.1.0

v27.2.0

v27.2.1

v27.3.0

v28.*

v28.0.0

v28.1.0

v28.1.1

v28.2.0

v28.2.1

v29.*

v29.0.0

v29.1.0

v29.2.0

v29.3.0

v30.*

v30.0.0

v30.0.1

v30.0.2

v30.0.3

v30.0.5

v30.0.6

v30.1.0

v30.2.0

v31.*

v31.0.0

v31.0.1

v31.0.2

v31.1.0

v31.2.0

v31.3.0

v31.3.1

v31.3.2

vDocs-25.*

vDocs-25.1.0-20210309

vDocs-25.1.0-20210310

vDocs-25.2.0-20210430

vDocs-25.3.0-20210527

vDocs-26.*

vDocs-26.0.0-20210818

vDocs-26.1.0-20211001

vDocs-26.1.0-20211013

vDocs-26.2.0-20211117

vDocs-27.*

vDocs-27.0.0-20220208

vDocs-27.0.1-20220211

vDocs-27.1.0-20220315

vDocs-27.2.0-20220419

vDocs-27.2.1-20220420

vDocs-29.*

vDocs-29.1.0-20230221