NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2024-21489

Summary	Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype.
Publication Date	Oct. 1, 2024, 2:15 p.m.
Registration Date	Oct. 1, 2024, 8 p.m.
Last Update	Oct. 4, 2024, 10:51 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://security.snyk.io/vuln/SNYK-JS-UPLOT-6209224
2	https://github.com/leeoniya/uPlot/blob/c52e5001c1d959a99ac495a53e4deca5c44464d2/src/utils.js%23L437-L452
3	https://github.com/leeoniya/uPlot/commit/5756e3e9b91270b303157e14bd0174311047d983

Common Vulnerabilities List