CVE-2024-57080
Published: 05 February 2025
Description
A prototype pollution in the lib.install function of vxe-table v4.8.10 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
Security Summary
CVE-2024-57080 is a prototype pollution vulnerability in the lib.install function of vxe-table version 4.8.10. This flaw allows attackers to supply a crafted payload that pollutes the JavaScript object prototype, leading to a Denial of Service (DoS) condition. The vulnerability is classified under CWE-1321 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability.
Remote attackers can exploit this vulnerability over the network with low complexity, requiring no privileges, authentication, or user interaction. By injecting a malicious payload into the lib.install function, attackers can disrupt application functionality, causing the service to crash or become unresponsive, resulting in a DoS without affecting confidentiality or integrity.
For mitigation details, refer to the advisory at https://gist.github.com/tariqhawis/c0b5fa2d7e4edd3f000e73fb7a10ccbc. The vulnerability was published on 2025-02-05.
Details
- CWE(s)