CVE-2023-38894

Name of the Vulnerable Software and Affected Versions Cronvel Tree-kit versions 0.7.4 and before

Description A Prototype Pollution issue in Cronvel Tree-kit allows a remote attacker to execute arbitrary code via the extend function. This issue is related to uncontrolled modification of object prototype attributes. Exploitation of this issue may allow a remote attacker to execute arbitrary code.

Recommendations For Cronvel Tree-kit versions 0.7.4 and before, consider disabling the extend function as a temporary workaround until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.