GitHub Advisory DatabaseGHSA-X3M3-4WPV-5VGCjrburke requirejs vulnerable to prototype pollution
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
Affected configurations
References
gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
github.com/advisories/GHSA-x3m3-4wpv-5vgc
github.com/requirejs/r.js/issues/1015
github.com/requirejs/requirejs/issues/1854
github.com/requirejs/requirejs/pull/1856/commits/ebd7a2ff71473542fa132d0d15c10fb4ed1539e1
nvd.nist.gov/vuln/detail/CVE-2024-38999
security.snyk.io/vuln/SNYK-JS-REQUIREJS-5416713
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High