PT-2025-5753 · Unknown · Ajax-Request

Published: 2025-02-05 · Updated: 2025-02-06 · CVE-2024-57076

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: ajax-request version 1.2.3
Description: A prototype pollution vulnerability in the lib.post function allows attackers to cause a Denial of Service (DoS) by supplying a crafted payload to the vulnerable function.
Recommendations: For version 1.2.3, consider disabling the lib.post function as a temporary workaround until a patch is available. Restrict access to the lib.post function to minimize the risk of exploitation. Avoid using the vulnerable function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
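
One way to restrict what reaches a post-style function while no fixed version exists, as an added example that is not code from ajax-request or from this advisory. It assumes a hypothetical `(options, callback)` call shape and uses the key names generally associated with prototype pollution; the advisory does not state which keys trigger this issue.

```javascript
'use strict';
// Added example. Key names generally associated with prototype pollution;
// assumed here, the advisory does not name the exact trigger.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Walk own keys recursively; return the dotted path of the first blocked key, or null.
function findPollutionKey(value, path = '', seen = new WeakSet()) {
  if (value === null || typeof value !== 'object' || seen.has(value)) return null;
  seen.add(value); // guards against cyclic structures
  for (const key of Reflect.ownKeys(value)) {
    if (typeof key !== 'string') continue;
    const here = path ? `${path}.${key}` : key;
    if (BLOCKED_KEYS.has(key)) return here; // checked before the value is read
    const hit = findPollutionKey(value[key], here, seen);
    if (hit) return hit;
  }
  return null;
}

// Wrap a post-style function so untrusted options are rejected before the call.
// The (options, callback) shape is an assumption about the wrapped function.
function guardPost(postFn) {
  return function guardedPost(options, callback) {
    const hit = findPollutionKey(options);
    if (!hit) return postFn(options, callback);
    const err = new Error(`rejected request options: blocked key at "${hit}"`);
    if (typeof callback === 'function') return callback(err);
    throw err;
  };
}

// Detection aid: record Object.prototype's own keys, then list any added later.
function snapshotPrototype() {
  return new Set(Reflect.ownKeys(Object.prototype));
}
function addedPrototypeKeys(snapshot) {
  return Reflect.ownKeys(Object.prototype).filter((k) => !snapshot.has(k));
}

// Constructed sample input; stubPost is a hypothetical stand-in for the library call.
const stubPost = (options, cb) => cb(null, 'sent');
const safePost = guardPost(stubPost);
const constructed = JSON.parse(
  '{"url":"https://example.test/api","data":{"__proto__":{"polluted":true}}}'
);
const baseline = snapshotPrototype();
safePost(constructed, (err, res) => console.log(err ? err.message : res));
console.log('keys added to Object.prototype:', addedPrototypeKeys(baseline));
```

Calling `snapshotPrototype()` at startup and `addedPrototypeKeys()` in a health check or test gives a signal that some code path modified `Object.prototype`, independent of the input filter.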

DoS · Resource Exhaustion · Prototype Pollution

Related Identifiers: CVE-2024-57076

Affected Products: Ajax-Request