Moderate severityNVD Advisory· Published Jan 23, 2025· Updated Jan 24, 2025

CVE-2024-57556

Description

Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
store2npm	< 2.14.4	2.14.4

Affected products

nbubna/storecpe-rescue
ghsa-coords
pkg:npm/store2
Range: < 2.14.4

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-w5hq-hm5m-4548ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-57556ghsaADVISORY
github.com/nbubna/store/issues/127ghsaWEB
github.com/nbubna/store/pull/128ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000