CVE-2024-21489

Published Oct 1, 2024

Last updated a month ago

CVSS high 8.2

Overview

Description
Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype.
Source
report@snyk.io
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.2
Impact score
4.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Severity
HIGH

Weaknesses

report@snyk.io
CWE-1321

Social media

Hype score
Not currently trending

References