ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| ag-grid-enterprise(npm) | 0 | 31.3.4 | N/A |
| ag-grid-community(npm) | 0 | 31.3.4 | N/A |
CVSS Metrics
