CVSS 3.1 Score 6.5 of 10 (medium)


Published Jan 22, 2024
Updated: Jan 30, 2024
CWE ID 1321


CVE-2024-23339 is a vulnerability found in the hoolock suite of utilities. It affects versions 2.0.0 to 2.2.1 of the software and allows unauthorized access or alteration of object prototypes through utility functions related to object paths. In version 2.2.1, attempts to access or alter inherited properties are blocked by throwing a TypeError. The vulnerability has a base severity rating of MEDIUM and a CVSS score of 6.5, indicating a moderate level of danger. It requires no privileges or user interaction for exploitation and can be exploited remotely over a network. The impact on integrity and confidentiality is low, with no availability impact identified. Remediation involves updating to version 2.2.1 or above to mitigate the vulnerability's risks to organizations using the affected products uYAhSh, uYAhSg, and uYAhSi.

Note: The summary is based on the provided information and does not include any subjective statements or analysis beyond the facts presented in the text.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-23339 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options