Base Score

HIGH8.3

CVE-2024-36577

apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty.

VectorNETWORK

Published Bycve@mitre.org

Published DateJun 17, 2024, 16:15

Affected Versions(1)

@apphp/object-resolver(npm)

Introduced0

Fixed3.1.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
@apphp/object-resolver(npm)	0	3.1.1	N/A

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

8.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://gist.github.com/mestrtee/c90189f3d8480a5f267395ec40701373

Base Score

HIGH8.3

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

8.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

HIGH

Availability (A)

HIGH