Security Advisory

CVE-2024-38985

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-28 00:00:00

Last updated 2025-04-01 18:29:55

Assigner mitre

State PUBLISHED

Description

janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set() method at setIn (lib/index.js:90). This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

← Browse all CVEs View on cve.org ↗