CVE-2024-21505

Published Mar 25, 2024

Last updated 3 months ago

Overview

Description
Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting from the affected prototype by passing specially crafted input to these functions.
Source
report@snyk.io
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

report@snyk.io
CWE-1321
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-1321

Social media

Hype score
Not currently trending

References