CVE-2024-39012

Name of the Vulnerable Software and Affected Versions ais-ltd strategyen version 0.4.0

Description The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties using the mergeObjects function. This is a result of prototype pollution.

Recommendations For version 0.4.0, consider disabling the mergeObjects function as a temporary workaround until a patch is available. Restrict access to areas where this function is utilized to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.