CVE-2024-38988: @alizeait/unflatto Prototype Pollution
alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
References
- gist.github.com/mestrtee/4c5dfb66bea377889c44dd6c8af28713
- github.com/advisories/GHSA-q8jq-4rm5-4hm5
- github.com/alizeait/unflatto
- github.com/alizeait/unflatto/commit/3c1b120f1dcd44eefe07d4a5022e1baa3c7164d3
- github.com/alizeait/unflatto/issues/32
- github.com/alizeait/unflatto/security/advisories/GHSA-q8jq-4rm5-4hm5
- nvd.nist.gov/vuln/detail/CVE-2024-38988
Code Behaviors & Features
Detect and mitigate CVE-2024-38988 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →