CVE-2024-36577: Object Resolver Prototype Pollution

June 17, 2024

apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty.

References

gist.github.com/mestrtee/c90189f3d8480a5f267395ec40701373
github.com/advisories/GHSA-qj86-v6m7-4qv2
github.com/apphp/js-object-resolver
github.com/apphp/js-object-resolver/commit/7e347a26bf04d6a4f7525f6605666afbb218afca
nvd.nist.gov/vuln/detail/CVE-2024-36577

Code Behaviors & Features

Detect and mitigate CVE-2024-36577 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →