A vulnerability, which was classified as problematic, was found in bun up to 1.1.29. Affected is an unknown function of the component API. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’).
This vulnerability is traded as CVE-2024-21548. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.