PT-2024-28303 · Unknown · Aofl Cli-Lib

Mestrteeo · Published 2024-07-01 · Updated 2024-07-11 · CVE-2024-38987

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

aofl cli-lib version 3.14.0

Description

The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties through prototype pollution in the defaultsDeep component.

Recommendations

For aofl cli-lib version 3.14.0, consider restricting the use of the defaultsDeep component until a patch is available, to prevent arbitrary code execution or Denial of Service (DoS) attacks.
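
The following is an added example, not code from aofl cli-lib or from this advisory: a deep-defaults merge hardened against the class of issue described above, for use where such a helper must process untrusted objects. The name `safeDefaultsDeep`, the blocked-key list and the sample input are assumptions made for illustration.

```javascript
// Hypothetical hardened helper; not the aofl cli-lib implementation.
// Keys that lead to Object.prototype or a constructor's prototype when walked.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Fill properties missing from `target` using each source, recursing into plain objects.
function safeDefaultsDeep(target, ...sources) {
  for (const source of sources) {
    if (!isPlainObject(source)) continue;
    for (const key of Object.keys(source)) {       // own enumerable keys only
      if (BLOCKED_KEYS.has(key)) continue;          // never walk into prototypes
      const incoming = source[key];
      const hasOwn = Object.prototype.hasOwnProperty.call(target, key);
      if (isPlainObject(incoming)) {
        if (!hasOwn) target[key] = safeDefaultsDeep({}, incoming);
        else if (isPlainObject(target[key])) safeDefaultsDeep(target[key], incoming);
      } else if (!hasOwn || target[key] === undefined) {
        target[key] = Array.isArray(incoming) ? incoming.slice() : incoming;
      }
    }
  }
  return target;
}

// Constructed sample input: untrusted JSON carrying "__proto__" and "constructor" members.
function demo() {
  const untrusted = JSON.parse(
    '{"__proto__":{"polluted":true},' +
    '"build":{"cache":false,"constructor":{"prototype":{"x":1}}}}'
  );
  const config = safeDefaultsDeep(
    { build: { cache: true } },           // caller's explicit settings win
    untrusted,
    { build: { mode: 'production' } }     // trusted defaults
  );
  // A fresh object shows whether Object.prototype gained any property.
  return { config, polluted: ({}).polluted, x: ({}).x };
}
```

`JSON.parse` creates `__proto__` as an own property, so a merge that iterates keys without filtering would recurse into `Object.prototype`; the filter on key names is what stops that here.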

Fix

Prototype Pollution


Weakness Enumeration

Related Identifiers

CVE-2024-38987
GHSA-VG6V-JCG3-5MP7

Affected Products

Aofl Cli-Lib