Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1nM3EyLXZjanEtcmdyY84AA8V-
Blackprint @blackprint/engine Prototype Pollution issue
A Prototype Pollution issue in Blackprint @blackprint/engine 0.8.12 through 0.9.1 allows an attacker to execute arbitrary code via the _utils.setDeepProperty function of engine.min.js.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nM3EyLXZjanEtcmdyY84AA8V-
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 5 months ago
Updated: 3 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-g3q2-vcjq-rgrc, CVE-2024-24294
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-24294
- https://gist.github.com/mestrtee/d1eb6e1f7c6dd60d8838c3e56cab634d
- https://github.com/Blackprint/engine-js/commit/bd6b965b03c467e7a58ab0cb89b9172fa5e07013
- https://github.com/advisories/GHSA-g3q2-vcjq-rgrc
Blast Radius: 10.2
Affected Packages
npm:@blackprint/engine
Dependent packages: 10Dependent repositories: 11
Downloads: 168 last month
Affected Version Ranges: >= 0.8.12, < 0.9.2
Fixed in: 0.9.2
All affected versions: 0.8.12, 0.8.13, 0.8.15, 0.9.0, 0.9.1
All unaffected versions: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.1, 0.4.3, 0.4.4, 0.4.5, 0.5.0, 0.5.1, 0.5.2, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.8.8, 0.8.9, 0.8.10, 0.8.11, 0.9.2