Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS12ZzZ2LWpjZzMtNW1wN84AA9bm

@aofl/cli-lib Prototype Pollution vulnerability

aofl cli-lib v3.14.0 was discovered to contain a prototype pollution vulnerability in the defaultsDeep component. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties.

Permalink: https://github.com/advisories/GHSA-vg6v-jcg3-5mp7
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12ZzZ2LWpjZzMtNW1wN84AA9bm
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 5 months ago
Updated: 4 months ago


CVSS Score: 6.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Identifiers: GHSA-vg6v-jcg3-5mp7, CVE-2024-38987
References: Repository: https://github.com/AgeOfLearning/aofl
Blast Radius: 0.0

Affected Packages

npm:@aofl/cli-lib
Dependent packages: 9
Dependent repositories: 1
Downloads: 720 last month
Affected Version Ranges: <= 4.0.0-alpha.45
No known fixed version
All affected versions: 3.0.0, 3.3.0, 3.5.0, 3.6.1, 3.8.0, 3.8.1, 3.9.0, 3.12.0, 3.12.1, 3.13.0, 3.13.1, 3.14.0, 4.0.0-alpha.0, 4.0.0-alpha.1, 4.0.0-alpha.2, 4.0.0-alpha.3, 4.0.0-alpha.4, 4.0.0-alpha.5, 4.0.0-alpha.6, 4.0.0-alpha.7, 4.0.0-alpha.9, 4.0.0-alpha.10, 4.0.0-alpha.11, 4.0.0-alpha.12, 4.0.0-alpha.13, 4.0.0-alpha.14, 4.0.0-alpha.15, 4.0.0-alpha.16, 4.0.0-alpha.17, 4.0.0-alpha.18, 4.0.0-alpha.19, 4.0.0-alpha.20, 4.0.0-alpha.21, 4.0.0-alpha.22, 4.0.0-alpha.23, 4.0.0-alpha.24, 4.0.0-alpha.25, 4.0.0-alpha.26, 4.0.0-alpha.27, 4.0.0-alpha.28, 4.0.0-alpha.29, 4.0.0-alpha.30, 4.0.0-alpha.31, 4.0.0-alpha.32, 4.0.0-alpha.33, 4.0.0-alpha.34, 4.0.0-alpha.35, 4.0.0-alpha.36, 4.0.0-alpha.37, 4.0.0-alpha.38, 4.0.0-alpha.39, 4.0.0-alpha.40, 4.0.0-alpha.41, 4.0.0-alpha.42, 4.0.0-alpha.43, 4.0.0-alpha.44, 4.0.0-alpha.45