CVE-2024-21528

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Sep 10, 2024
CWE ID 1321

Summary

CVE-2024-21528 identifies a vulnerability in all versions of the node-gettext package, which is susceptible to Prototype Pollution via the addTranslations() function in gettext.js due to inadequate user input sanitization. This flaw can potentially allow attackers to manipulate object prototypes, leading to high availability impacts with no integrity or confidentiality impact. Affected products include yeMEys, and remediation may involve updating the node-gettext package to a secure version that addresses this vulnerability. The exploitability score is rated at 2.2 with a base severity of medium, indicating that while no user interaction is required, successful exploitation may occur over a network with high complexity. Organizations utilizing this package should prioritize patching to mitigate potential risks associated with this vulnerability.
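The class of flaw described above, as an added example that is not node-gettext source code: a simplified catalog store whose addTranslations(locale, domain, translations) uses caller-supplied strings as object keys, next to a hardened form. The class names, the store layout and the pollutes() helper are assumptions made for illustration.

```javascript
// Simplified model of a gettext-style catalog store (constructed for
// illustration; not the package's code). Keys come from the caller.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

class UnsafeCatalogs {
  constructor() { this.catalogs = {}; }
  addTranslations(locale, domain, translations) {
    // catalogs['__proto__'] resolves to Object.prototype, so the second
    // assignment lands on the prototype shared by every plain object.
    if (!this.catalogs[locale]) this.catalogs[locale] = {};
    this.catalogs[locale][domain] = translations;
  }
}

class SafeCatalogs {
  // Null-prototype maps have no inherited accessors to resolve through.
  constructor() { this.catalogs = Object.create(null); }
  addTranslations(locale, domain, translations) {
    for (const key of [locale, domain]) {
      if (typeof key !== 'string' || FORBIDDEN_KEYS.has(key)) {
        throw new TypeError(`rejected catalog key: ${String(key)}`);
      }
    }
    if (!Object.prototype.hasOwnProperty.call(this.catalogs, locale)) {
      this.catalogs[locale] = Object.create(null);
    }
    this.catalogs[locale][domain] = translations;
  }
}

// Regression check: does adding a catalog under these keys leak a property
// onto unrelated objects? Cleans up after itself when it does.
function pollutes(store, locale, domain) {
  const marker = { constructed: true };
  try {
    store.addTranslations(locale, domain, marker);
  } catch (err) {
    // A rejected key is the hardened outcome; nothing was written.
  }
  const leaked = ({})[domain] === marker;
  if (leaked) delete Object.prototype[domain];
  return leaked;
}

console.log('unsafe store:', pollutes(new UnsafeCatalogs(), '__proto__', 'polluted'));
console.log('safe store:  ', pollutes(new SafeCatalogs(), '__proto__', 'polluted'));
```

A check like pollutes() can sit in a test suite for any code that passes untrusted locale or domain strings into a translation store.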
