Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04dnI0LWg0cnItOHBoNs4AA8WB
MiguelCastillo @bit/loader Prototype Pollution issue
A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js.
Permalink: https://github.com/advisories/GHSA-8vr4-h4rr-8ph6JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04dnI0LWg0cnItOHBoNs4AA8WB
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 6 months ago
Updated: 3 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Identifiers: GHSA-8vr4-h4rr-8ph6, CVE-2024-24293
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-24293
- https://gist.github.com/tariqhawis/986fb1c9da6be526fb2656ba8d194b7f
- https://github.com/advisories/GHSA-8vr4-h4rr-8ph6
Affected Packages
npm:@bit/loader
Dependent packages: 2Dependent repositories: 1
Downloads: 155 last month
Affected Version Ranges: <= 10.0.3
No known fixed version
All affected versions: 10.0.0, 10.0.1, 10.0.2, 10.0.3