CVE-2024-57066

CVE-2024-57066 is a prototype pollution vulnerability in the lib.deep function of the @ndhoule/defaults npm package version 2.0.1. This flaw allows attackers to manipulate object prototypes by supplying a crafted payload, leading to a Denial of Service (DoS) condition. The vulnerability is classified under CWE-1321 (Prototype Pollution) with a CVSS v3.1 base score of 7.5, reflecting high severity due to its impact on availability.

Remote attackers can exploit this vulnerability over the network with low complexity, requiring no privileges, authentication, or user interaction (AV:N/AC:L/PR:N/UI:N). By injecting a malicious payload into the lib.deep function, an attacker can pollute the prototype chain, potentially crashing the application or rendering it unresponsive, resulting in high availability impact (A:H) without affecting confidentiality or integrity.

Advisories point to a GitHub Gist for further details on the vulnerability: https://gist.github.com/tariqhawis/8ee7327cc8b78df738cd32505cbbbd44. No specific patches or mitigations are detailed in the provided CVE information.