CVE-2024-57065

CVE-2024-57065 is a prototype pollution vulnerability in the lib.createPath function of the utile v0.3.0 JavaScript library. This flaw allows attackers to supply a crafted payload that pollutes the prototype chain, leading to a Denial of Service (DoS) condition. The vulnerability is classified under CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes) and has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability.

The vulnerability can be exploited by any remote, unauthenticated attacker with network access to an application using the affected utile v0.3.0 library. Exploitation requires low complexity and no user interaction, enabling an attacker to send a specially crafted payload to the lib.createPath function. Successful exploitation results in a DoS, disrupting service availability without affecting confidentiality or integrity.

For mitigation details, refer to the advisory at https://gist.github.com/tariqhawis/7b2c50ccdec39a030091e48a4ccde688, published on 2025-02-05.