CVE-2024-21548: Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo

December 18, 2024

Versions of the package bun before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun’s APIs that accept objects.

References

github.com/advisories/GHSA-v9mx-4pqq-h232
github.com/oven-sh/bun
github.com/oven-sh/bun/commit/a234e067a5dc7837602df3fb5489e826920cc65a
github.com/oven-sh/bun/pull/14119
nvd.nist.gov/vuln/detail/CVE-2024-21548
security.snyk.io/vuln/SNYK-JS-BUN-8499549

Detect and mitigate CVE-2024-21548 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →