← back
CVE-2024-21505

CVE-2024-21505

CVSS 7.5 HIGHEPSS 0.7%CWE-1321
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
25 Mar 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting from the affected prototype by passing specially crafted input to these functions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
Affected products
n/a · web3-utils

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/web3/web3.js/commit/8ed041c6635d807b3da8960ad49e125e3d1b0e80https://security.snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337