PT-2024-28328 · Cat5Th · Key-Serializer

Mestrtee · Published 2024-07-01 · Updated 2024-07-11 · CVE-2024-39018

CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: harvey-woo cat5th/key-serializer version 0.2.5

Description: The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties through the function "query". This is a result of prototype pollution.

Recommendations: For harvey-woo cat5th/key-serializer version 0.2.5, consider disabling the query function until a patch is available to prevent exploitation. Restrict access to the query function to minimize the risk of arbitrary code execution or Denial of Service (DoS).
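As an added illustration (not key-serializer's own code; the dot/bracket key format and the function names are assumptions), a minimal nested-key setter in the style of a "query" function, first in a naive form that can pollute Object.prototype and then in a hardened form that rejects the dangerous segments and only descends into own properties:

```javascript
// Added example, not code from key-serializer. Key format "a.b[c]" is assumed.
const FORBIDDEN_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

// "user.roles[0]" -> ["user", "roles", "0"]
function segmentsOf(key) {
  return key.replace(/\]/g, '').split(/\.|\[/).filter(Boolean);
}

// Naive setter: walks or creates nested objects with no key check.
// For "__proto__[x]", cur["__proto__"] resolves to Object.prototype, so the
// final assignment adds "x" to every object in the process (prototype pollution).
function queryNaive(target, key, value) {
  const segs = segmentsOf(key);
  let cur = target;
  for (let i = 0; i < segs.length - 1; i++) {
    if (cur[segs[i]] === undefined) cur[segs[i]] = {};
    cur = cur[segs[i]];
  }
  cur[segs[segs.length - 1]] = value;
  return target;
}

// Detection helper: true only if no segment could reach a prototype.
function isSafeKey(key) {
  const segs = segmentsOf(key);
  return segs.length > 0 && segs.every((s) => !FORBIDDEN_SEGMENTS.has(s));
}

// Hardened setter: refuses unsafe segments up front and never descends into
// inherited properties, so the walk can only touch the caller's own object graph.
function querySafe(target, key, value) {
  if (!isSafeKey(key)) throw new TypeError(`rejected unsafe key: ${key}`);
  const segs = segmentsOf(key);
  let cur = target;
  for (let i = 0; i < segs.length - 1; i++) {
    const s = segs[i];
    const own = Object.prototype.hasOwnProperty.call(cur, s);
    if (!own || typeof cur[s] !== 'object' || cur[s] === null) cur[s] = {};
    cur = cur[s];
  }
  cur[segs[segs.length - 1]] = value;
  return target;
}
```

A service exposing such a setter should validate keys with a check like isSafeKey before calling it, which is the "restrict access to the query function" advice above in code form.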

Fix

Prototype Pollution


Weakness Enumeration

Related Identifiers

CVE-2024-39018
GHSA-WHPX-G542-7C7V

Affected Products

Key-Serializer