CVE-2024-21489

Summary

Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype.

Affected Software

VendorProductVersion RangeStatus
n/auplot0 < 1.6.31affected

Weaknesses

  • CWE-1321: Prototype Pollution

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References