How severe is CVE-2024-36572?

CVE-2024-36572 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2024-36572

Name: formmanager_data_handler
Author: allpro

9.8CRITICAL

Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefaults, mergeBranch, and Object.setObjectValue.

发布于: 7/30/2024更新于: 11/21/2024

描述

Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefaults, mergeBranch, and Object.setObjectValue.

AI分析AI驱动

受影响产品

allproformmanager_data_handler

0.7.4

参考资料

https://gist.github.com/mestrtee/1771ab4fba733ca898b6e2463dc6ed19
Exploit
https://github.com/allpro/form-manager/issues/1
ExploitIssue Tracking
https://gist.github.com/mestrtee/1771ab4fba733ca898b6e2463dc6ed19
Exploit
https://github.com/allpro/form-manager/issues/1
ExploitIssue Tracking