CVE-2024-38987: @aofl/cli-lib Prototype Pollution vulnerability

July 1, 2024 (updated July 11, 2024)

aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

References

gist.github.com/mestrtee/29636943e6989e67f38251580cbcea73
github.com/AgeOfLearning/aofl
github.com/AgeOfLearning/aofl/issues/35
github.com/advisories/GHSA-vg6v-jcg3-5mp7
nvd.nist.gov/vuln/detail/CVE-2024-38987

Code Behaviors & Features

Detect and mitigate CVE-2024-38987 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →