CVE-2024-23339

Summary

CVE-2024-23339 is a vulnerability found in the hoolock suite of utilities. It affects versions 2.0.0 to 2.2.1 of the software and allows unauthorized access or alteration of object prototypes through utility functions related to object paths. In version 2.2.1, attempts to access or alter inherited properties are blocked by throwing a TypeError. The vulnerability has a base severity rating of MEDIUM and a CVSS score of 6.5, indicating a moderate level of danger. It requires no privileges or user interaction for exploitation and can be exploited remotely over a network. The impact on integrity and confidentiality is low, with no availability impact identified. Remediation involves updating to version 2.2.1 or above to mitigate the vulnerability's risks to organizations using the affected products uYAhSh, uYAhSg, and uYAhSi. Note: The summary is based on the provided information and does not include any subjective statements or analysis beyond the facts presented in the text.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.