CVE-2024-24294 | blackprint engine 0.9.0 engine.min.js _utils.setDeepProperty prototype pollution

Posted by Angelo Barbosa | May 20, 2024 | CVE

A vulnerability classified as problematic was found in blackprint engine 0.9.0. This vulnerability affects the function _utils.setDeepProperty of the file engine.min.js. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’).

This vulnerability was named CVE-2024-24294. The attack can be initiated remotely. There is no exploit available.

CVE-2024-24294 | blackprint engine 0.9.0 engine.min.js _utils.setDeepProperty prototype pollution

Related Posts

CVE-2024-10123 | Tenda AC8 16.03.34.06 saveParentControlInfo compare_parentcontrol_time stack-based overflow

CVE-2024-38274 | Moodle up to 4.1.10/4.2.7/4.3.4/4.4 Calendar Event cross site scripting

CVE-2023-52689 | Linux Kernel up to 6.7.1 ALSA scarlett2_meter_ctl_get meter_level_map[] Privilege Escalation (74e3de7cdcc3/993f7b42fa06)

CVE-2023-49355 | jq 1.2e-111 decNumber/decNumber.c decToString out-of-bounds write