CVE-2024-57081

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 5, 2025
Updated: Feb 6, 2025
CWE ID 1321

Summary

CVE-2024-57081 is a prototype pollution vulnerability affecting the lib.fromQuery function in underscore-contrib version 0.3.0. Attackers can exploit the flaw to cause a Denial of Service (DoS) by supplying specially crafted payloads to the function. The vulnerability arises from insufficient input validation, which allows attacker-supplied data to reach beyond its intended boundaries and leads to unintended function behavior and system instability. The issue poses a significant risk for applications that rely on underscore-contrib for query string parsing and should be addressed promptly by applying the available patch or update.
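For teams auditing their own query-string handling for this class of flaw (CWE-1321), the following added example contrasts a weak nested-key parser with a hardened one. It is not code from underscore-contrib or from this advisory; the function names, the blocked-key list and the bracket key syntax (a[b]=1) are assumptions made for illustration.

```javascript
// Added example: hypothetical parsers, not underscore-contrib's code.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Split "a[b][c]" into ["a", "b", "c"] (bracket syntax is an assumption).
const keyPath = (rawKey) => rawKey.split(/[\[\]]+/).filter(Boolean);

// Decode "k=v&k2=v2" into [key, value] pairs; malformed escapes are skipped
// instead of letting decodeURIComponent throw out of the parser.
function parsePairs(qs) {
  const pairs = [];
  for (const pair of qs.split('&').filter(Boolean)) {
    const i = pair.indexOf('=');
    try {
      const key = decodeURIComponent(i < 0 ? pair : pair.slice(0, i));
      const value = decodeURIComponent(i < 0 ? '' : pair.slice(i + 1));
      pairs.push([key, value]);
    } catch (err) { /* URIError: drop the pair */ }
  }
  return pairs;
}

// Walk the key path, creating intermediate containers with makeNode().
function assign(root, path, value, makeNode) {
  let node = root;
  for (const seg of path.slice(0, -1)) {
    if (typeof node[seg] !== 'object' || node[seg] === null) node[seg] = makeNode();
    node = node[seg];
  }
  node[path[path.length - 1]] = value;
}

// Weak form: ordinary objects, no key validation. A "__proto__" segment
// resolves to Object.prototype, so the write lands on every object.
function naiveFromQuery(qs) {
  const out = {};
  for (const [key, value] of parsePairs(qs)) assign(out, keyPath(key), value, () => ({}));
  return out;
}

// Hardened form: reject dangerous segments after decoding and build the
// result from prototype-less objects.
function safeFromQuery(qs) {
  const out = Object.create(null);
  for (const [key, value] of parsePairs(qs)) {
    const path = keyPath(key);
    if (path.length === 0 || path.some((seg) => BLOCKED.has(seg))) continue;
    assign(out, path, value, () => Object.create(null));
  }
  return out;
}
```

The key check runs after percent-decoding, so encoded forms of the blocked segments are rejected as well.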
