CVE-2024-21548
HIGH 7.5 | EPSS 0.21%
Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo
Published: 12/18/2024
Modified: 12/18/2024
Also known as: GHSA-v9mx-4pqq-h232
Description
Versions of the package bun before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun's APIs that accept objects.
Affected packages (1)
- npm/bun from 0, < 1.1.30
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |