CVE-2024-39010

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-39010

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39010.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-39010

Published

2024-07-30T20:15:04Z

Modified

2025-01-14T12:16:00.102478Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function attemptNestedProperty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

References

https://gist.github.com/mestrtee/af7a746df91ab5e944bd7a186816c262

Affected packages

Git / github.com/chase-moskal/snapstate

Affected ranges

Type: GIT
Repo: https://github.com/chase-moskal/snapstate
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

d5d866d6c5935e9af59faa41d49516586773424f

Affected versions

v0.*

v0.0.0

v0.0.0-dev.0

v0.0.0-dev.1

v0.0.0-dev.2

v0.0.0-dev.3

v0.0.0-dev.4

v0.0.0-dev.5

v0.0.0-dev.6

v0.0.1

v0.0.2

v0.0.3

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v0.0.8

v0.0.9