CVE-2024-36582 | alexbinary object-deep-assign 1.0.11 /src/index.js extend prototype pollution

Posted by Angelo Barbosa | Jun 17, 2024 | CVE

A vulnerability classified as problematic has been found in alexbinary object-deep-assign 1.0.11. Affected is the function extend of the file /src/index.js. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’).

This vulnerability is traded as CVE-2024-36582. Access to the local network is required for this attack. There is no exploit available.

CVE-2024-36582 | alexbinary object-deep-assign 1.0.11 /src/index.js extend prototype pollution

Related Posts

CVE-2022-48758 | Linux Kernel up to 5.16.4 fs/sysfs/group.c bnx2fc_interface_put Privilege Escalation

CVE-2024-49614 | Dan Alexander SermonAudio Widgets Plugin up to 1.9.3 on WordPress sql injection

CVE-2024-0967 | OpenText ArcSight Enterprise Security Manager up to 24.0 information disclosure

CVE-2024-32964 | lobehub lobe-chat up to 0.150.5 /api/proxy server-side request forgery