CVERadar

CVE-2024-39017

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00392/1

CVE-2024-39017: Prototype pollution vulnerability discovered in agreejs v0.0.1. Attackers can exploit the mergeInternalComponents function to inject arbitrary properties, potentially leading to arbitrary code execution or a Denial of Service (DoS) condition.

Although CVE-2024-39017 has a CVSS score of 0, indicating minimal base severity, its SOCRadar Vulnerability Risk Score (SVRS) is 30 and it is tagged "In The Wild", which suggests active exploitation and raises the threat level despite the low CVSS score. This discrepancy highlights the limits of relying solely on CVSS for risk assessment. Prototype pollution lets adversaries manipulate object prototypes, resulting in unexpected behavior and potential compromise of the application. While the SVRS does not indicate critical severity, the "In The Wild" tag means monitoring and patching should be prioritized to prevent exploitation.

In The Wild
2024-07-01

2024-07-01
SOCRadar AI Insight

Description

CVE-2024-39017 is a prototype pollution vulnerability in agreejs shared v0.0.1. It allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties. The SVRS for this vulnerability is 38, indicating a moderate risk.

Key Insights

  • This vulnerability can be exploited remotely without requiring user interaction.
  • Attackers can use this vulnerability to gain control of affected systems and execute arbitrary code.
  • The vulnerability is particularly dangerous because it can be used to target web applications and services.

Mitigation Strategies

  • Update to agreejs shared v0.0.2 or later.
  • Restrict access to untrusted sources that could exploit this vulnerability.
  • Implement input validation and sanitization to prevent attackers from injecting malicious code.

Additional Information

  • There are no known active exploits for this vulnerability.
  • CISA has not issued a warning for this vulnerability.
  • This vulnerability is not known to be used in the wild.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-39017 | agreejs shared 0.0.1 mergeInternalComponents prototype pollution
vuldb.com, 2024-07-01
A vulnerability was found in agreejs shared 0.0.1. It has been classified as problematic. Affected is the function mergeInternalComponents. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is traded as CVE-2024-39017. The attack needs to be approached within the local network. There is no

Social Media

CVE-2024-39017 agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternalComponents. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Ser... https://t.co/X0e0KzrPZY
CVE-2024-39017 agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternalComponents. This vulnerability allows attackers to execute arbitra… https://t.co/cRodAZOit3

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://gist.github.com/mestrtee/039e3e337642e6bb7f36aeddfde41b8b
GITHUB | https://gist.github.com/mestrtee/039e3e337642e6bb7f36aeddfde41b8b

CWE Details

No CWE details found for this CVE
