PT-2025-49862 · Undefined · Undefined
Published
2025-12-09
·
Updated
2025-12-09
·
CVE-2024-555182
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
🧵 6/15: The Exploit (simplified):
The vulnerability (CVE-2024-555182) lies in the deserialization process.
React wasn't verifying if a requested key actually existed on the object during this process.
This allows an attacker to sneak in a request for the constructor of a function.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Undefined