CVE-2024-21505 | web3-utils up to 4.2.0 mergeDeep prototype pollution

Inserito da Angelo Barbosa | Mar 25, 2024 | CVE

A vulnerability was found in web3-utils up to 4.2.0. It has been declared as critical. Affected by this vulnerability is the function mergeDeep. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’).

This vulnerability is known as CVE-2024-21505. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-21505 | web3-utils up to 4.2.0 mergeDeep prototype pollution

Post correlati

CVE-2024-6459 | News Element Elementor Blog Magazine Plugin up to 1.0.5 on WordPress file inclusion

CVE-2024-7186 | TOTOLINK A3600R 4.1.2cu.5182_B20201102 /cgi-bin/cstecgi.cgi setWiFiAclAddConfig comment buffer overflow

CVE-2024-10596 | ESAFENET CDG 5 EncryptPolicyTypeService.java delEntryptPolicySort id sql injection

CVE-2023-47131 | N-able PassPortal Extension up to 3.29.1 on Chrome log file