CVE-2024-57075

CVE-2024-57075 is a prototype pollution vulnerability in the lib.Logger function of the eazy-logger package version 4.0.1, a JavaScript logging library. This flaw allows attackers to manipulate the prototype chain by supplying a crafted payload, leading to a Denial of Service (DoS) condition. The vulnerability is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-400 (Uncontrolled Resource Consumption).

The vulnerability can be exploited remotely over the network with low complexity, requiring no authentication, privileges, or user interaction. Any unauthenticated attacker who can supply a malicious payload to an application using the affected lib.Logger function can trigger the prototype pollution, resulting in resource exhaustion and application crashes that disrupt availability without impacting confidentiality or integrity.

Details on exploitation, including a proof-of-concept, and potential mitigations are provided in the advisory at https://gist.github.com/tariqhawis/c601f7f85146510ca899a7406a03aba5, published on 2025-02-05.