CVE-2024-36582 | alexbinary object-deep-assign 1.0.11 /src/index.js extend prototype pollution

Posted by Angelo Barbosa | Jun 17, 2024 | CVE

A vulnerability classified as problematic has been found in alexbinary object-deep-assign 1.0.11. Affected is the function extend of the file /src/index.js. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’).

This vulnerability is traded as CVE-2024-36582. Access to the local network is required for this attack. There is no exploit available.

CVE-2024-36582 | alexbinary object-deep-assign 1.0.11 /src/index.js extend prototype pollution

Related Posts

CVE-2024-35234 | Discourse up to 3.2.2/3.3.0.beta2 Meta Tag cross site scripting (GHSA-5chg-hm8c-wc58)

CVE-2024-37423 | Automattic Newspack Blocks Plugin up to 3.0.8 on WordPress path traversal

CVE-2024-7291 | JetFormBuilder Plugin up to 3.3.4.1 on WordPress Privilege Escalation

CVE-2023-51453 | DJI Mavic 3 Pro Service Port 10000 libv2_sdk.so process_push_file denial of service