CVE-2024-57086: node-opcua-alarm-condition prototype pollution vulnerability
A prototype pollution vulnerability in the function fieldsToJson of node-opcua-alarm-condition v2.134.0 allows attackers to cause a Denial of Service (DoS) by supplying a crafted payload.
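The following added example (not code from node-opcua or from the advisory) shows one way to build a nested object from caller-supplied field names without exposing `Object.prototype`. It assumes field names are dotted paths; `safeFieldsToObject`, its return shape and the sample input are hypothetical.

```javascript
// Path segments that can reach or replace a prototype when used as a key.
const FORBIDDEN_SEGMENTS = new Set(["__proto__", "prototype", "constructor"]);

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Hypothetical helper (not node-opcua's fieldsToJson): turns dotted field
// names into a nested object, e.g. "EventType.Id" -> { EventType: { Id: v } }.
// Returns { data, rejected } so refused field names can be logged.
function safeFieldsToObject(fieldNames, values) {
    const data = Object.create(null);   // root has no prototype to walk into
    const containers = new WeakSet();   // objects created by this function
    const rejected = [];

    fieldNames.forEach((fieldName, i) => {
        const segments = typeof fieldName === "string" ? fieldName.split(".") : [];
        const bad = segments.length === 0 ||
            segments.some((s) => s.length === 0 || FORBIDDEN_SEGMENTS.has(s));
        if (bad) {
            rejected.push(fieldName);
            return;
        }
        let node = data;
        for (const segment of segments.slice(0, -1)) {
            if (!hasOwn(node, segment)) {
                node[segment] = Object.create(null);
                containers.add(node[segment]);
            } else if (!containers.has(node[segment])) {
                // Never descend into a value that came from the caller.
                rejected.push(fieldName);
                return;
            }
            node = node[segment];
        }
        node[segments[segments.length - 1]] = values[i];
    });
    return { data, rejected };
}

// Constructed sample input: two ordinary fields and two that must be refused.
const demo = safeFieldsToObject(
    ["EventType.Id", "__proto__.polluted", "Message", "constructor.prototype.x"],
    [2041, true, "high level", 1]
);
console.log(demo.data.EventType.Id, demo.rejected, ({}).polluted);
```

The `rejected` list is worth logging on the server side, since a refused field name of this kind is a useful signal that a client is probing the parser.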
References
- gist.github.com/tariqhawis/30acc3632cf595ca5825b7ec2b2f795a
- github.com/advisories/GHSA-gvwq-6fmx-28xm
- github.com/node-opcua/node-opcua
- github.com/node-opcua/node-opcua/blob/330db56bb62bce9fff80382daee1fac94311978d/packages/node-opcua-alarm-condition/test/test_cve_polution_attack.ts
- github.com/node-opcua/node-opcua/issues/1433
- nvd.nist.gov/vuln/detail/CVE-2024-57086