CVE-2024-57064

Name of the Vulnerable Software and Affected Versions: @syncfusion/ej2-spreadsheet version 27.2.2

Description: A prototype pollution issue in the lib.setValue function allows attackers to cause a Denial of Service (DoS) by supplying a crafted payload. This issue can be exploited to disrupt service, but no information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations: For @syncfusion/ej2-spreadsheet version 27.2.2, consider disabling the lib.setValue function as a temporary workaround until a patch is available. Restrict access to this function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.