CVE-2024-57067

CVE-2024-57067 is a prototype pollution vulnerability in the lib.parse function of the dot-qs v0.2.0 package. This flaw enables attackers to supply a crafted payload that pollutes the JavaScript prototype chain, leading to a Denial of Service (DoS) condition. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is classified under CWE-1321 (Prototype Pollution). It was published on 2025-02-05.

A remote attacker with no required privileges can exploit this vulnerability over the network with low attack complexity and no user interaction. By delivering a specially crafted payload to an application that uses dot-qs v0.2.0 for query string parsing, the attacker triggers prototype pollution, resulting in high-impact disruption to availability, such as application crashes or resource exhaustion.

For details on advisories, patches, or mitigation strategies, refer to the provided reference: https://gist.github.com/tariqhawis/07dca101d8fe059dd11b3b0e1b4a6d46.