BDU%3A2024-02116 — Vulnetix

BDU%3A2024-02116 PUBLISHED CVSS 9.800000190734863 CRITICAL

Уязвимость программного средства преобразования json-данных JSONata, связанная с неконтролируемым изменением атрибутов прототипа объекта, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Risk Scores

CVSS 3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Сообщество свободного программного обеспечения	JSONata
jsonata-js	jsonata	>= 1.4.0, < 1.8.7, >= 2.0.0, < 2.0.4
jsonatajs	jsonata	1.4.0, 2.0.0

Exploit Intelligence

CIRCL seen: CVE-2024-27307 (circl-sighting)
CIRCL seen: CVE-2024-27307 (circl-sighting)
CIRCL seen: CVE-2024-27307 (circl-sighting)
https://github.com/jsonata-js/jsonata/commit/1d579dbe99c19fbe509f5ba2c6db7959b0d456d1 (circl)
https://github.com/jsonata-js/jsonata/commit/335d38f6278e96c908b24183f1c9c90afc8ae00c (circl)
https://github.com/jsonata-js/jsonata/commit/c907b5e517bb718015fcbd993d742ba6202f2be2 (circl)
https://github.com/jsonata-js/jsonata/releases/tag/v2.0.4 (circl)
https://github.com/jsonata-js/jsonata/security/advisories/GHSA-fqg8-vfv7-8fj8 (circl)
https://github.com/jsonata-js/jsonata/pull/681 (circl)
https://github.com/jsonata-js/jsonata/pull/676 (circl)

…and 2 more exploits

Timeline

Mar 6, 2024 CVE Published
Mar 6, 2024 PoC Published
Mar 6, 2024 PoC Published
Mar 7, 2024 PoC Published
Mar 19, 2024 CVE Updated

References

Open in Interactive Console →