ag-grid packages vulnerable to Prototype Pollution (GHSA-328p-362g-r48j) 2

Severity:: Medium

Description

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Recommendation

Update the @ag-grid-enterprise/charts package to the latest compatible version. Followings are version details:

Affected version(s): **< 31.3.4 = 32.0.0**
Patched version(s): **31.3.4 32.0.1**

References

GHSA-328p-362g-r48j
www.ag-grid.com
CVE-2024-39001
CWE-1321
CAPEC-310
OWASP 2021-A6

Related Issues

ag-grid packages vulnerable to Prototype Pollution (GHSA-328p-362g-r48j) - CVE-2024-39001
ag-grid packages vulnerable to Prototype Pollution - CVE-2024-39001
Prototype pollution in ag-grid-community via the _.mergeDeep function (GHSA-876p-c77m-x2hc) - CVE-2024-38996
Prototype pollution in ag-grid-community via the _.mergeDeep function - CVE-2024-38996

Tags:: npm; @ag-grid-enterprise/charts

Anything's wrong? Let us know Last updated on August 26, 2024