CVE-2024-23339
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Summary
hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (get, set, and update) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the get, set and update functions throw a TypeError when a user attempts to access or alter inherited properties.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| elijahharry | hoolock | >= 2.0.0, < 2.2.1 | affected |
Weaknesses
- CWE-1321: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/elijahharry/hoolock/security/advisories/GHSA-4c2g-hx49-7h25
- https://github.com/elijahharry/hoolock/commit/97ae80e856774335d92743c635ffeae2f652b982
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/elijahharry/hoolock/security/advisories/GHSA-4c2g-hx49-7h25
- https://github.com/elijahharry/hoolock/commit/97ae80e856774335d92743c635ffeae2f652b982
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.