Lucene search

GoogleOSV:GHSA-X3M3-4WPV-5VGC

HistoryJul 01, 2024 - 3:32 p.m.

jrburke requirejs vulnerable to prototype pollution

2024-07-0115:32:19

Google

osv.dev

jrburke requirejs

v2.3.6

prototype pollution

security vulnerability

code injection

denial of service

software

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

JSON

jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

References

gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a

github.com/requirejs/r.js

github.com/requirejs/r.js/issues/1015

github.com/requirejs/requirejs/issues/1854

github.com/requirejs/requirejs/pull/1856/commits/ebd7a2ff71473542fa132d0d15c10fb4ed1539e1

nvd.nist.gov/vuln/detail/CVE-2024-38999

security.snyk.io/vuln/SNYK-JS-REQUIREJS-5416713

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

JSON

Related for OSV:GHSA-X3M3-4WPV-5VGC