CVE-2024-14020 | carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e Formatter lib/input.js prototype pollution

A vulnerability, which was classified as problematic, was found in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes.

This vulnerability is tracked as CVE-2024-14020. The attack can be launched remotely. No exploit exists.

You should upgrade the affected component.

A successful exploitation can “only occur if the parent NodeJS application has the same security issue”.

CVE-2024-14020 | carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e Formatter lib/input.js prototype pollution

Post correlati

CVE-2024-25053 | IBM Cognos Analytics up to 12.0.2 certificate validation (XFDB-283364)

CVE-2024-9247 | Foxit PDF Reader Annotation out-of-bounds write (ZDI-24-1300)

CVE-2024-41690 | SyroTech SY-GPON-1110-WDONT 3.1.02-231102 firmware/ cleartext storage (CIVN-2024-0225)

CVE-2025-48468 | Advantech Wireless Sensing and Equipment A2.01 B00 JTAG injection