CVE-2024-36573

Name of the Vulnerable Software and Affected Versions almela obx versions prior to 0.0.4

Description The issue allows arbitrary code execution via the obx/build/index.js component, specifically through the reduce function at @almela/obx/build/index.js:470 and Object.set at obx/build/index.js:269. This is a Prototype Pollution issue.

Recommendations For versions prior to 0.0.4, update to version 0.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the obx/build/index.js component until a patch is available. Avoid using the vulnerable functions reduce and Object.set in the affected component until the issue is resolved.