CVE-2024-57083

Опубликовано: 28 мар. 2025

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc <= 2.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

A flaw was found in redoc. This vulnerability can allow an attacker to cause a Denial of Service (DoS) via supplying a crafted payload.

Отчет

This vulnerability is rated as an Important severity because it allows attackers to exploit a prototype pollution issue in the Module.mergeObjects method by crafting a malicious payload. An attacker can alter the built-in Object.prototype, causing a Denial of Service (DoS) condition, leading to system instability, impacting the availability of the affected system.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat build of Apicurio Registry 2	io.apicurio-apicurio-registry	Affected
Red Hat Integration Camel K 1	io.apicurio-apicurio-registry	Will not fix
Red Hat Advanced Cluster Security 4.5	advanced-cluster-security/rhacs-central-db-rhel8	Fixed	RHSA-2025:3928	15.04.2025
Red Hat Advanced Cluster Security 4.5	advanced-cluster-security/rhacs-collector-rhel8	Fixed	RHSA-2025:3928	15.04.2025
Red Hat Advanced Cluster Security 4.5	advanced-cluster-security/rhacs-collector-slim-rhel8	Fixed	RHSA-2025:3928	15.04.2025
Red Hat Advanced Cluster Security 4.5	advanced-cluster-security/rhacs-main-rhel8	Fixed	RHSA-2025:3928	15.04.2025
Red Hat Advanced Cluster Security 4.5	advanced-cluster-security/rhacs-operator-bundle	Fixed	RHSA-2025:3928	15.04.2025
Red Hat Advanced Cluster Security 4.5	advanced-cluster-security/rhacs-rhel8-operator	Fixed	RHSA-2025:3928	15.04.2025
Red Hat Advanced Cluster Security 4.5	advanced-cluster-security/rhacs-roxctl-rhel8	Fixed	RHSA-2025:3928	15.04.2025
Red Hat Advanced Cluster Security 4.5	advanced-cluster-security/rhacs-scanner-db-rhel8	Fixed	RHSA-2025:3928	15.04.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-1321

https://bugzilla.redhat.com/show_bug.cgi?id=2355865redoc: Prototype Pollution in redoc

EPSS

Процентиль: 10%

0.00035

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2024-57083

CVSS3: 7.5

nvd

9 месяцев назад

A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc <= 2.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

GHSA-9rhg-254w-fh9x

github