CVE-2024-21489

Summary

CVE-2024-21489 identifies a vulnerability in versions of the uplot package prior to 1.6.31, which allows for Prototype Pollution through the uplot.assign function due to inadequate checks on attribute resolutions. This vulnerability has a high base score of 8.2 and poses significant integrity risks, with an exploitability score of 3.9, indicating that it requires no privileges or user interaction to exploit and can be targeted over the network. Organizations using affected versions may experience integrity impacts, which could allow attackers to manipulate object prototypes, potentially leading to further exploitation within applications relying on this package. To remediate this vulnerability, users are advised to upgrade to version 1.6.31 or later of the uplot package. For further details on this vulnerability and its remediation measures, users can refer to resources such as GitHub and Snyk security reports.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.