CVE-2024-45277: SAP HANA Node.js client package vulnerable to Prototype Pollution

October 8, 2024

The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.

References

github.com/advisories/GHSA-6339-gv7w-g5f4
me.sap.com/notes/3520100
nvd.nist.gov/vuln/detail/CVE-2024-45277
url.sap/sapsecuritypatchday
www.npmjs.com/package/@sap/hana-client?activeTab=code

Code Behaviors & Features

Detect and mitigate CVE-2024-45277 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →