CVE-2024-57086

CVE-2024-57086 is a prototype pollution vulnerability in the fieldsToJson function of the node-opcua-alarm-condition package version 2.134.0. This flaw allows attackers to cause a Denial of Service (DoS) condition by supplying a crafted payload. The vulnerability is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')).

Remote attackers without privileges can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation leads to high-impact disruption of availability for affected applications using the vulnerable package, while confidentiality and integrity remain unaffected.

Advisories and additional details, including potential proof-of-concept information, are available at the referenced GitHub Gist: https://gist.github.com/tariqhawis/30acc3632cf595ca5825b7ec2b2f795a.