Critical severity10.0NVD Advisory· Published Jul 1, 2024· Updated Apr 15, 2026
CVE-2024-38999
CVE-2024-38999
Description
jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
requirejsnpm | < 2.3.7 | 2.3.7 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/advisories/GHSA-x3m3-4wpv-5vgcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-38999ghsaADVISORY
- gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30anvdWEB
- github.com/requirejs/r.js/issues/1015ghsaWEB
- github.com/requirejs/requirejs/issues/1854ghsaWEB
- github.com/requirejs/requirejs/pull/1856/commits/ebd7a2ff71473542fa132d0d15c10fb4ed1539e1ghsaWEB
- security.snyk.io/vuln/SNYK-JS-REQUIREJS-5416713ghsaWEB
News mentions
0No linked articles in our index yet.