CVE-2024-57082

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published: Feb 5, 2025
Updated: Feb 18, 2025
CWE ID: 400

Summary

CVE-2024-57082 is a prototype pollution vulnerability affecting the lib.createUploader function in version 1.8.1 of the @rpldy/uploader library. It allows attackers to cause a Denial of Service (DoS) condition by supplying crafted input. The vulnerability arises when the function fails to adequately validate and sanitize user-supplied data, leading to unintended data modification and subsequent disruptive behavior. System administrators and developers are advised to update to a patched version as soon as possible to mitigate the risk.
