CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-38998

Medium Severity
Requirejs
SVRS
36/100
CVSSv3
NA/10
EPSS
0.00043/1

CVE-2024-38998 is a rejected CVE, initially thought to be a security vulnerability but later withdrawn after further investigation revealed it was not a security issue. While it was initially assigned a CVSS score of 0, indicating minimal impact, SOCRadar's Vulnerability Risk Score (SVRS) assigns it a score of 36. This suggests some perceived risk, potentially due to initial misclassification and early reporting. The CVE was rejected by its CNA, confirming the lack of a genuine vulnerability. Although tagged 'In The Wild', this likely stems from initial reports before the rejection. The primary risk is confusion and wasted effort investigating a non-existent threat. Therefore, CVE-2024-38998 should be disregarded as a legitimate security concern.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2024-07-01
LAST MODIFIED2025-01-28

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-38998 | jrburke requirejs 2.3.6 config prototype pollution
vuldb.com2024-07-01
CVE-2024-38998 | jrburke requirejs 2.3.6 config prototype pollution | A vulnerability was found in jrburke requirejs 2.3.6. It has been classified as problematic. This affects the function config. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is uniquely identified as CVE-2024-38998. Access to the local network is required for this attack. There is
cve-2024-38998
domains
urls
cves

Social Media

CVE-2024-38998 jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... https://t.co/PjNOG6OhXv
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
AppRequirejsrequirejs

References

ReferenceLink
[email protected]https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
GITHUBhttps://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a

CWE Details

CWE IDCWE NameDescription
CWE-1321Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence