PT-2026-1548 · Carbon · Carbon
Published: 2026-01-07 · Updated: 2026-01-07
CVE-2024-14020
CVSS v3.1: 5.0 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
carboneio carbone versions prior to 3.5.6
Description
A weakness exists in carboneio carbone up to version fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. The issue resides in the Formatter Handler component, specifically in an unknown function within the file lib/input.js. A manipulation can lead to improperly controlled modification of object prototype attributes (prototype pollution). This attack can be launched remotely and is characterized by high complexity, with difficult exploitability. Successful exploitation may only occur if the parent NodeJS application has the same security issue.
Recommendations
Upgrade to version 3.5.6 or later.
Fix
Prototype Pollution
Code Injection
Related Identifiers
Affected Products
Carbon