CVE-2024-21489 | uplot up to 1.6.30 uplot.assign prototype pollution (SNYK-JS-UPLOT-6209224)

Inserito da Angelo Barbosa | Ott 1, 2024 | CVE

A vulnerability was found in uplot up to 1.6.30 and classified as critical. This issue affects the function uplot.assign. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’).

The identification of this vulnerability is CVE-2024-21489. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-21489 | uplot up to 1.6.30 uplot.assign prototype pollution (SNYK-JS-UPLOT-6209224)

Post correlati

CVE-2024-6249 | Wyze Cam 3 TCP Traffic stack-based overflow

CVE-2024-27376 | Samsung Exynos 1330 slsi_nan_subscribe_get_nl_params heap-based overflow

CVE-2023-5456 | AiLux imx6 up to 1.0.7-1 hard-coded credentials

CVE-2023-48739 | Porto Theme Functionality Plugin up to 2.11.1 on WordPress authorization