CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence: High
jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
github.com/requirejs/r.js
github.com/requirejs/r.js/issues/1015
github.com/requirejs/requirejs/issues/1854
github.com/requirejs/requirejs/pull/1856/commits/ebd7a2ff71473542fa132d0d15c10fb4ed1539e1
nvd.nist.gov/vuln/detail/CVE-2024-38999
security.snyk.io/vuln/SNYK-JS-REQUIREJS-5416713