ag-grid packages vulnerable to Prototype Pollution (GHSA-328p-362g-r48j) 2

Severity:: Medium

Description

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Recommendation

Update the @ag-grid-enterprise/charts package to the latest compatible version. Followings are version details:

Affected version(s): **< 31.3.4 = 32.0.0**
Patched version(s): **31.3.4 32.0.1**

References

GHSA-328p-362g-r48j
www.ag-grid.com
CVE-2024-39001
CWE-1321
CAPEC-310
OWASP 2021-A6

Related Issues

@sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params - CVE-2025-32388
MongoDB Shell may be susceptible to control character injection via pasting - CVE-2025-1692
Strapi's field level permissions not being respected in relationship title - CVE-2023-37263
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS - CVE-2024-45812

Tags:: npm; @ag-grid-enterprise/charts

Anything's wrong? Let us know Last updated on August 26, 2024