Описание
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 31.3.4 (исключая)
cpe:2.3:a:ag-grid:ag-grid:*:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00558
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-1321
Связанные уязвимости
CVSS3: 9.8
github
больше 1 года назад
Prototype pollution in ag-grid-community via the _.mergeDeep function
EPSS
Процентиль: 68%
0.00558
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-1321