PT-2024-28318 · Unknown · Jsonic-Next
Mestrtee · Published 2024-07-01 · Updated 2025-07-07 · CVE-2024-39002
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
jsonic-next version 2.12.1
Description
The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties. This is achieved through a prototype pollution vulnerability in the util.clone function.
Recommendations
For jsonic-next version 2.12.1, consider disabling the util.clone function as a temporary workaround until a patch is available. Restrict the use of this function to minimize the risk of exploitation.
Exploit
Fix
DoS
Code Injection
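The prototype pollution pattern named in the description, shown beside a hardened clone, as an added example that is not part of the original advisory and not jsonic-next code. The helper names naiveClone and safeClone, the blocked-key list and the sample input are assumptions made for illustration.

```javascript
// Added example. naiveClone and safeClone are hypothetical helpers written for
// this page; neither is the jsonic-next util.clone implementation.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isObj = (v) => v !== null && typeof v === 'object';

// Pattern open to prototype pollution: for the key "__proto__", dst[key]
// resolves to Object.prototype, so nested values land on the shared prototype.
function naiveClone(src, dst = {}) {
  for (const key of Object.keys(src)) {
    if (isObj(src[key])) {
      if (!isObj(dst[key])) dst[key] = {};
      naiveClone(src[key], dst[key]);
    } else {
      dst[key] = src[key];
    }
  }
  return dst;
}

// Hardened form: null-prototype targets, own keys only, blocked keys skipped
// and reported so the caller can log or reject the input.
function safeClone(src, skipped = [], path = '') {
  if (!isObj(src)) return src;
  if (Array.isArray(src)) {
    return src.map((v, i) => safeClone(v, skipped, `${path}[${i}]`));
  }
  const out = Object.create(null);
  for (const key of Object.keys(src)) {
    const here = path ? `${path}.${key}` : key;
    if (BLOCKED_KEYS.has(key)) {
      skipped.push(here);
      continue;
    }
    out[key] = safeClone(src[key], skipped, here);
  }
  return out;
}

// Constructed sample input, as it might arrive in a parsed request body.
const SAMPLE = JSON.parse('{"name":"x","opts":{"__proto__":{"polluted":true}}}');
```

Skipping `constructor` and `prototype` also drops legitimate data keys with those names, so reject the input instead when the skipped list is non-empty and such keys are never expected.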
Affected Products
Jsonic-Next