Количество 2
Количество 2
CVE-2024-38985
janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set() method at setIn (lib/index.js:90). This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
GHSA-4h4x-4m75-47j4
depath and cool-path vulnerable to Prototype Pollution via `set()` Method
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-38985 janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set() method at setIn (lib/index.js:90). This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | CVSS3: 9.8 | 1% Низкий | 11 месяцев назад |
| GHSA-4h4x-4m75-47j4 depath and cool-path vulnerable to Prototype Pollution via `set()` Method | 1% Низкий | 11 месяцев назад |
Уязвимостей на страницу