CVE Catalog

CVE-2024-39011

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.91%

55th percentile - higher than 55% of all known CVEs

Summary

Version 2.0.9-rc.69 of the chargeover library contains a prototype pollution vulnerability that allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via the mergeObjects function.

Risk Assessment

This vulnerability could lead to serious consequences, including unauthorized access to systems and disruption of their operation.

Recommendation

It is recommended to update the chargeover library to the latest version to mitigate this vulnerability and to monitor systems for unauthorized activities.

Original NVD description (English source)

Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS