Description
jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
Recommendation
Update the requirejs package to the latest compatible version. Followings are version details:
- Affected version(s): <= 2.3.6
- Patched version(s): 2.3.7
References
Related Issues
- ag-grid packages vulnerable to Prototype Pollution (GHSA-328p-362g-r48j) 2 - CVE-2024-39001
- ag-grid packages vulnerable to Prototype Pollution - CVE-2024-39001
- ag-grid packages vulnerable to Prototype Pollution (GHSA-328p-362g-r48j) - CVE-2024-39001
- node-gettext vulnerable to Prototype Pollution - CVE-2024-21528
- Tags:
- npm
- requirejs
Anything's wrong? Let us know Last updated on August 04, 2024