CVE-2024-38997: Medium severity npm/@adolph_dudu/ratio-swiper vulnerability
adolphdudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution vulnerability in the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties.
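The flaw class described above, shown as an added example: this is not the ratio-swiper source, and the names extendDefaultsUnsafe, extendDefaultsSafe and demo are hypothetical. It places a recursive options merge that lets a `__proto__` key reach Object.prototype beside a hardened form, using a constructed JSON input.

```javascript
// Added illustration, NOT the code of @adolph_dudu/ratio-swiper.
// All function names here are hypothetical.

// Naive recursive merge: walks every enumerable key, including "__proto__".
function extendDefaultsUnsafe(defaults, options) {
  for (const key in options) {
    const value = options[key];
    if (value !== null && typeof value === 'object') {
      // defaults["__proto__"] resolves to Object.prototype, so the
      // recursion below ends up writing onto the shared prototype.
      if (typeof defaults[key] !== 'object' || defaults[key] === null) defaults[key] = {};
      extendDefaultsUnsafe(defaults[key], value);
    } else {
      defaults[key] = value;
    }
  }
  return defaults;
}

// Hardened merge: own keys only, prototype-related keys skipped, and
// recursion only into objects the target itself owns.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const owns = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function extendDefaultsSafe(defaults, options) {
  for (const key of Object.keys(options)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = options[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (!owns(defaults, key) || typeof defaults[key] !== 'object' || defaults[key] === null) {
        defaults[key] = {};
      }
      extendDefaultsSafe(defaults[key], value);
    } else {
      defaults[key] = value; // primitives and arrays are assigned as-is
    }
  }
  return defaults;
}

// Runs one merge over a constructed input and reports whether an
// unrelated, freshly created object picked up the injected property.
function demo(merge) {
  // Constructed sample: JSON.parse makes "__proto__" an ordinary own key.
  const untrusted = JSON.parse('{"speed": 300, "__proto__": {"polluted": true}}');
  const merged = merge({ speed: 100, loop: false }, untrusted);
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted; // restore global state after the check
  return { speed: merged.speed, leaked };
}
```

The same `leaked` check works as a regression test for any options-merging helper that accepts parsed JSON.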
Frequently Asked Questions
What is the severity of CVE-2024-38997?
CVE-2024-38997 has a high severity due to its capability to enable arbitrary code execution or cause Denial of Service.
How do I fix CVE-2024-38997?
To fix CVE-2024-38997, update the @adolph_dudu/ratio-swiper package to a version higher than 0.0.2.
What products are affected by CVE-2024-38997?
CVE-2024-38997 specifically affects version 0.0.2 of the @adolph_dudu/ratio-swiper package.
What type of vulnerability is CVE-2024-38997?
CVE-2024-38997 is a prototype pollution vulnerability that can lead to unauthorized property injection.
Can CVE-2024-38997 lead to security breaches?
Yes, CVE-2024-38997 can lead to security breaches by allowing attackers to execute arbitrary code.