CVE-2024-57072

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 5, 2025

Updated: Feb 6, 2025

CWE ID 1321

Summary

CVE-2024-57072 is a vulnerability affecting the lib.requireFromString function in module-from-string version 3.3.1. This issue permits prototype pollution, which enables attackers to cause a Denial of Service (DoS) by supplying crafted payloads. The vulnerability arises due to insufficient input validation in the function, leading to unintended modifications of prototypes and subsequent application instability. This weakness can be exploited by attackers to disrupt the target system. Users are advised to upgrade to a non-vulnerable version of module-from-string as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2T1Lp2
https://www.cve.org/CVERecord?id=CVE-2024-57072
https://nvd.nist.gov/vuln/detail/CVE-2024-57072

Back to Vulnerability Database

CVE-2024-57072

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations