Moderate severityNVD Advisory· Published Jul 1, 2024· Updated Aug 2, 2024
CVE-2024-39001
CVE-2024-39001
Description
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@ag-grid-enterprise/chartsnpm | >= 32.0.0, < 32.0.1 | 32.0.1 |
ag-grid-communitynpm | >= 32.0.0, < 32.0.1 | 32.0.1 |
ag-grid-enterprisenpm | >= 32.0.0, < 32.0.1 | 32.0.1 |
@ag-grid-enterprise/chartsnpm | < 31.3.4 | 31.3.4 |
ag-grid-communitynpm | < 31.3.4 | 31.3.4 |
ag-grid-enterprisenpm | < 31.3.4 | 31.3.4 |
Affected products
51- osv-coords50 versionspkg:apk/chainguard/opensearch-dashboards-2pkg:apk/chainguard/opensearch-dashboards-2-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-compatpkg:apk/chainguard/opensearch-dashboards-2-configpkg:apk/chainguard/opensearch-dashboards-2-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-2-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-2-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-2-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-2-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-2-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-2-dashboards-visualizationspkg:apk/chainguard/opensearch-dashboards-2-fipspkg:apk/chainguard/opensearch-dashboards-2-fips-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-configpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-visualizationspkg:apk/chainguard/opensearch-dashboards-2-fips-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-2-fips-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-security-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-2-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-security-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2pkg:apk/wolfi/opensearch-dashboards-2-alerting-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-anomaly-detection-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-compatpkg:apk/wolfi/opensearch-dashboards-2-configpkg:apk/wolfi/opensearch-dashboards-2-dashboards-mapspkg:apk/wolfi/opensearch-dashboards-2-dashboards-notificationspkg:apk/wolfi/opensearch-dashboards-2-dashboards-observabilitypkg:apk/wolfi/opensearch-dashboards-2-dashboards-query-workbenchpkg:apk/wolfi/opensearch-dashboards-2-dashboards-reportingpkg:apk/wolfi/opensearch-dashboards-2-dashboards-search-relevancepkg:apk/wolfi/opensearch-dashboards-2-dashboards-visualizationspkg:apk/wolfi/opensearch-dashboards-2-index-management-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-ml-commons-dashboardspkg:apk/wolfi/opensearch-dashboards-2-security-analytics-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-security-dashboards-pluginpkg:npm/%40ag-grid-enterprise/chartspkg:npm/ag-grid-communitypkg:npm/ag-grid-enterprise
< 2.16.0-r0+ 49 more
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: < 2.16.0-r0
- (no CPE)range: >= 32.0.0, < 32.0.1
- (no CPE)range: >= 32.0.0, < 32.0.1
- (no CPE)range: >= 32.0.0, < 32.0.1
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-328p-362g-r48jghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-39001ghsaADVISORY
- gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766faghsaWEB
- gist.github.com/mestrtee/c1590660750744f25e86ba1bf240844bghsaWEB
- gist.github.com/mestrtee/f8037d492dab0d77bca719e05d31c08bghsaWEB
- github.com/ag-grid/ag-grid/commit/78fb47f6c996f22c0b7184afb29620ab8c240522ghsaWEB
- github.com/ag-grid/ag-grid/commit/ff731699453f2632d4852b3a3c34b479c406068cghsaWEB
- github.com/ag-grid/ag-grid/issues/8261ghsaWEB
- www.ag-grid.com/changelog/ghsaWEB
- www.ag-grid.com/changelog/ghsaWEB
News mentions
0No linked articles in our index yet.