ag-grid packages vulnerable to Prototype Pollution - ag-grid-enterprise

Severity:: Medium

Description

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Recommendation

Update the ag-grid-enterprise package to the latest compatible version. Followings are version details:

Affected version(s): **< 31.3.4 = 32.0.0**
Patched version(s): **31.3.4 32.0.1**

References

GHSA-328p-362g-r48j
www.ag-grid.com
CVE-2024-39001
CWE-1321
CAPEC-310
OWASP 2021-A6

Related Issues

ag-grid packages vulnerable to Prototype Pollution - @ag-grid-enterprise/charts - CVE-2024-39001
ag-grid packages vulnerable to Prototype Pollution - CVE-2024-39001
Prototype pollution in ag-grid-community via the _.mergeDeep function - ag-grid-enterprise - CVE-2024-38996
Prototype pollution in ag-grid-community via the _.mergeDeep function - CVE-2024-38996

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; ag-grid-enterprise

Anything's wrong? Let us know Last updated on August 26, 2024