PT-2025-5751 · Xe-Utils · Xe-Utils

Published: 2025-02-05 · Updated: 2025-02-06 · CVE-2024-57074

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: xe-utils version 3.5.31
Description: A prototype pollution vulnerability in the lib.merge function allows attackers to cause a denial of service (DoS) by supplying a crafted payload.
Recommendations: For version 3.5.31, consider disabling the lib.merge function as a temporary workaround until a patch is available. Restrict access to the lib.merge function to minimize the risk of exploitation. Avoid using the lib.merge function in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
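
One way to restrict what reaches a merge call while no fixed version is available, as an added example that is not code from xe-utils or from this advisory: untrusted, JSON-decoded input is copied with prototype-related keys dropped before it is merged. The names `stripPrototypeKeys` and `safeMerge`, the blocked-key list and the depth limit are assumptions of this example, and the merge function is passed in as a parameter (`Object.assign` stands in for it here).

```javascript
// Keys that can reach or replace an object's prototype during a recursive merge.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const MAX_DEPTH = 32; // assumed limit; also bounds recursion on deeply nested input

// Return a copy of JSON-like `value` with blocked keys removed at every level.
// Each removed key is recorded in `dropped` as a path so it can be logged.
function stripPrototypeKeys(value, dropped = [], path = '$', depth = 0) {
  if (depth > MAX_DEPTH) {
    throw new RangeError(`input nested deeper than ${MAX_DEPTH} levels`);
  }
  if (Array.isArray(value)) {
    return value.map((item, i) =>
      stripPrototypeKeys(item, dropped, `${path}[${i}]`, depth + 1));
  }
  if (value === null || typeof value !== 'object') return value;
  const clean = {};
  for (const key of Object.keys(value)) {
    if (BLOCKED_KEYS.has(key)) {
      dropped.push(`${path}.${key}`);
      continue;
    }
    clean[key] = stripPrototypeKeys(value[key], dropped, `${path}.${key}`, depth + 1);
  }
  return clean;
}

// Wrap the application's merge function so only cleaned sources reach it.
// `mergeFn` is a parameter, so nothing here depends on a specific library API.
function safeMerge(mergeFn, target, ...sources) {
  const dropped = [];
  const cleaned = sources.map((src, i) =>
    stripPrototypeKeys(src, dropped, `$source${i}`));
  return { result: mergeFn(target, ...cleaned), dropped };
}

// Constructed sample input standing in for a request body.
const sample = JSON.parse(
  '{"theme":{"dark":true,"__proto__":{"x":1}},"constructor":{"prototype":{"y":1}}}');

// Object.assign is only a stand-in merge so the example runs without dependencies.
const { result, dropped } = safeMerge(Object.assign, {}, sample);
console.log(result);  // merged data without the blocked keys
console.log(dropped); // paths of removed keys, suitable for a security log
```

A non-empty `dropped` list on input that should be plain configuration or form data is worth logging and alerting on.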

DoS · Resource Exhaustion · Prototype Pollution

Weakness Enumeration

Related Identifiers: CVE-2024-57074

Affected Products: Xe-Utils