CVE-2024-39011
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk55th percentile - higher than 55% of all known CVEs
Summary
Version 2.0.9-rc.69 of the chargeover library contains a prototype pollution vulnerability that allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via the mergeObjects function.
Risk Assessment
This vulnerability could lead to serious consequences, including unauthorized access to systems and disruption of their operation.
Recommendation
It is recommended to update the chargeover library to the latest version to mitigate this vulnerability and to monitor systems for unauthorized activities.
Original NVD description (English source)
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects.

