CVE-2024-57085
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Feb 5, 2025
Updated: Feb 6, 2025
CWE ID 1321
Summary
CVE-2024-57085 is a prototype pollution vulnerability affecting the deepMerge function in the @stryker-mutator/util library, version 8.6.0. This issue permits attackers to supply a maliciously crafted payload, leading to a Denial of Service (DoS) condition in the targeted system. By manipulating the function's handling of merged objects, an attacker can cause unintended behavior or exhaust system resources, resulting in a disruption of services. Users are advised to upgrade to a patched version of the library to mitigate this risk.
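The CWE-1321 pattern named in the summary, shown as an added example that is not the @stryker-mutator/util source: a generic recursive merge beside a hardened one that skips prototype-reaching keys. All function names and the sample input are constructed for illustration.

```javascript
// Added illustration of CWE-1321; generic code, not the library's deepMerge.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Naive merge: recurses into whatever target[key] resolves to, including the
// inherited __proto__ accessor, so writes can land on Object.prototype.
function naiveDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isPlainObject(source[key]) && typeof target[key] === 'object' && target[key] !== null) {
      naiveDeepMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened merge: drops prototype-reaching keys and only recurses into
// properties the target actually owns.
function safeDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    const owned = Object.prototype.hasOwnProperty.call(target, key);
    if (isPlainObject(value) && owned && isPlainObject(target[key])) {
      safeDeepMerge(target[key], value);
    } else {
      target[key] = isPlainObject(value) ? safeDeepMerge({}, value) : value;
    }
  }
  return target;
}

// Merges constructed untrusted JSON and reports whether an unrelated object
// now inherits the injected property. Cleans up before returning.
function checkMerge(mergeFn) {
  const untrusted = JSON.parse('{"a":{"b":1},"__proto__":{"polluted":true}}');
  const merged = mergeFn({ a: { c: 2 } }, untrusted);
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted;
  return { merged, leaked };
}
```

`checkMerge` can double as a regression test for any merge helper that accepts parsed JSON from outside the trust boundary.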
Affected Products
- Util