Critical severity 10.0 · GHSA Advisory · Published Jul 1, 2024 · Updated Apr 15, 2026
CVE-2024-38999
Description
jrburke requirejs v2.3.6 was discovered to contain a prototype pollution vulnerability via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| requirejs (npm) | < 2.3.7 | 2.3.7 |
Affected products
osv-coords (23 versions):

| Package URL | Affected range |
|---|---|
| pkg:apk/chainguard/py3.10-jupyterhub | < 5.2.0-r0 |
| pkg:apk/chainguard/py3.10-jupyterhub-bin | < 5.2.0-r0 |
| pkg:apk/chainguard/py3.11-jupyterhub | < 5.2.0-r0 |
| pkg:apk/chainguard/py3.11-jupyterhub-bin | < 5.2.0-r0 |
| pkg:apk/chainguard/py3.12-jupyterhub | < 5.2.0-r0 |
| pkg:apk/chainguard/py3.12-jupyterhub-bin | < 5.2.0-r0 |
| pkg:apk/chainguard/py3.13-jupyterhub | < 5.2.0-r0 |
| pkg:apk/chainguard/py3.13-jupyterhub-bin | < 5.2.0-r0 |
| pkg:apk/chainguard/py3-jupyterhub | < 5.2.0-r0 |
| pkg:apk/chainguard/py3-supported-jupyterhub | < 5.2.0-r0 |
| pkg:apk/wolfi/py3.10-jupyterhub | < 5.2.0-r0 |
| pkg:apk/wolfi/py3.10-jupyterhub-bin | < 5.2.0-r0 |
| pkg:apk/wolfi/py3.11-jupyterhub | < 5.2.0-r0 |
| pkg:apk/wolfi/py3.11-jupyterhub-bin | < 5.2.0-r0 |
| pkg:apk/wolfi/py3.12-jupyterhub | < 5.2.0-r0 |
| pkg:apk/wolfi/py3.12-jupyterhub-bin | < 5.2.0-r0 |
| pkg:apk/wolfi/py3.13-jupyterhub | < 5.2.0-r0 |
| pkg:apk/wolfi/py3.13-jupyterhub-bin | < 5.2.0-r0 |
| pkg:apk/wolfi/py3-jupyterhub | < 5.2.0-r0 |
| pkg:apk/wolfi/py3-supported-jupyterhub | < 5.2.0-r0 |
| pkg:npm/requirejs | < 2.3.7 |
| pkg:rpm/opensuse/pgadmin4&distro=openSUSE%20Leap%2015.6 | < 8.5-150600.3.6.1 |
| pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6 | < 8.5-150600.3.6.1 |
References
- github.com/advisories/GHSA-x3m3-4wpv-5vgc (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-38999 (ghsa, ADVISORY)
- gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a (nvd, WEB)
- github.com/requirejs/r.js/issues/1015 (ghsa, WEB)
- github.com/requirejs/requirejs/issues/1854 (ghsa, WEB)
- github.com/requirejs/requirejs/pull/1856/commits/ebd7a2ff71473542fa132d0d15c10fb4ed1539e1 (ghsa, WEB)
- security.snyk.io/vuln/SNYK-JS-REQUIREJS-5416713 (ghsa, WEB)