CVE-2024-38989

Name of the Vulnerable Software and Affected Versions izatop bunt version 0.29.19

Description The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties through a prototype pollution vulnerability in the component /esm/qs.js.

Recommendations For version 0.29.19, consider disabling the component /esm/qs.js as a temporary workaround until a patch is available. Restrict access to the /esm/qs.js module to minimize the risk of exploitation. Avoid using the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.