Cyber Posture

CVE-2024-57068

High

Published: 05 February 2025

Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0017 (38.3th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

A prototype pollution in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Security Summary

CVE-2024-57068 is a prototype pollution vulnerability in the lib.mutateMergeDeep function of @tanstack/form-core version 0.35.0. This issue allows attackers to cause a Denial of Service (DoS) condition by supplying a crafted payload. The vulnerability is classified under CWE-732 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its potential for high availability impact.

Attackers can exploit this vulnerability remotely over the network with low attack complexity, requiring no authentication privileges or user interaction. Successful exploitation results in a DoS, disrupting service availability without compromising confidentiality or integrity.

Mitigation details are provided in the advisory referenced at https://gist.github.com/tariqhawis/47fe5b1e584e9e573c0933588248d533.
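
To show the class of bug described above, here is an added example that is not taken from @tanstack/form-core or from the referenced advisory. It puts a generic naive recursive merge beside a hardened one that filters prototype-bearing keys. The function names, the blocked-key list and the sample input are assumptions made for illustration.

```javascript
// Added example: a generic recursive merge, not the @tanstack/form-core source.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

const isObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Naive form: walks every own key of the input, "__proto__" included, so a
// nested merge can end up writing into Object.prototype.
function naiveMergeDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (isObject(source[key]) && isObject(target[key])) {
      naiveMergeDeep(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened form: skips prototype-bearing keys and only recurses into
// properties the target itself owns.
function safeMergeDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    const owned = Object.prototype.hasOwnProperty.call(target, key);
    if (isObject(value) && owned && isObject(target[key])) {
      safeMergeDeep(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Merges a constructed input with the given function and reports whether a
// fresh, unrelated object picked up the marker property.
function checkMerge(merge) {
  const input = JSON.parse('{"name":"a","__proto__":{"polluted":true}}'); // constructed sample
  const merged = merge({ name: 'x' }, input);
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted; // restore global state after the check
  return { leaked, name: merged.name };
}

console.log('naive:', checkMerge(naiveMergeDeep));
console.log('hardened:', checkMerge(safeMergeDeep));
```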

Details

CWE(s): CWE-732
