VDB
CVE-2024-39001
CVE-2024-39001
PUBLISHED
CVSS 6.300000190734863 MEDIUM
ag-grid packages vulnerable to Prototype Pollution
EPSS 0.26% · 50.0th percentile
Risk Scores
CVSS v3.1
6.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.26%
50.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| ag-grid | ag-grid | 0, 32.0.0 |
| npm | ag-grid-community | 32.0.0, 0, 32.0.0 |
| ag-grid-enterprise | charts | 32.0.0, 0, 32.0.0 |
| npm | ag-grid-enterprise | 32.0.0, 0, 32.0.0 |
| ag-grid | ag-grid-enterprise | 31.3.2 |
| ag-grid | ag_charts | 0, 10.0.0 |
Timeline
- Jan 20, 1970 GitHub Gist PoC
- Jan 20, 1970 GitHub Gist PoC
- Jan 20, 1970 GitHub Gist PoC
- Jul 1, 2024 CVE Published
- Jul 2, 2024 EPSS Score
- Jul 24, 2024 EPSS Score
- Aug 15, 2024 EPSS Score
- Sep 7, 2024 EPSS Score
- Sep 29, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 21, 2024 EPSS Score
- Nov 12, 2024 EPSS Score
References
- https://gist.github.com/mestrtee/c1590660750744f25e86ba1bf240844b url
- https://gist.github.com/mestrtee/f8037d492dab0d77bca719e05d31c08b url
- https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa url
- https://nvd.nist.gov/vuln/detail/CVE-2024-39001 advisory
- https://github.com/ag-grid/ag-grid/issues/8261 url
- https://github.com/ag-grid/ag-grid/commit/78fb47f6c996f22c0b7184afb29620ab8c240522 url
- https://github.com/ag-grid/ag-grid/commit/ff731699453f2632d4852b3a3c34b479c406068c url
- https://github.com/ag-grid/ag-grid package
- https://www.ag-grid.com/changelog/?fixVersion=31.3.4 url
- https://www.ag-grid.com/changelog/?fixVersion=32.0.1 url