CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39001
https://notcve.org/view.php?id=CVE-2024-39001
01 Jul 2024 — ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. Se descubrió que ag-grid-enterprise v31.3.2 contenía un prototipo de contaminación a través del componente _ModuleSupport.jsonApply. Esta vulnerabilidad permite a los atacantes ejecutar código arbitrario o provocar una denegación de servicio (DoS) mediante la ... • https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38996
https://notcve.org/view.php?id=CVE-2024-38996
01 Jul 2024 — ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. Se descubrió que ag-grid-community v31.3.2 y ag-grid-enterprise v31.3.2 contenían un prototipo de contaminación a través de la función _.mergeDeep. Esta vulnerabilidad permite a los atacantes ejecutar código arbitrario o provocar una denegació... • https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •