VDB
CISA-2024-38999
CISA-2024-38999
PUBLISHED
CVSS 10 CRITICAL
Reported by mitre · Published July 1, 2024
jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
Risk Scores
CVSS 3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| jrburke | requirejs | 2.3.6, 2.3.6 |
| n/a | n/a | n/a, n/a |
Timeline
- Jul 1, 2024 CVE Published
- Aug 2, 2024 CVE Updated