CVE-2024-39010

Name of the Vulnerable Software and Affected Versions snapstate version 0.0.9

Description The issue is related to a prototype pollution vulnerability via the attemptNestedProperty function. This allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties.

Recommendations For version 0.0.9, consider disabling the attemptNestedProperty function as a temporary workaround until a patch is available. Restrict the injection of arbitrary properties to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.