CVE-2024-21505 | web3-utils up to 4.2.0 mergeDeep prototype pollution

Inserito da Angelo Barbosa | Mar 25, 2024 | CVE

A vulnerability was found in web3-utils up to 4.2.0. It has been declared as critical. Affected by this vulnerability is the function mergeDeep. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’).

This vulnerability is known as CVE-2024-21505. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-21505 | web3-utils up to 4.2.0 mergeDeep prototype pollution

Post correlati

CVE-2024-43353 | myCred Plugin up to 2.7.2 on WordPress cross site scripting

CVE-2023-50628 | libming 0.4.8 parser.c buffer overflow

CVE-2024-6951 | SourceCodester Simple Online Book Store System 1.0 admin_delete.php bookisbn sql injection

CVE-2024-23941 | Intermesh Group Office up to 6.6.181/6.7.63/6.8.30 cross site scripting