Fix CVE-2024-38999 #5

Open
debricked-staging[bot] wants to merge 1 commit into debricked-fix-bulk_fix-4332897baa2226ef from debricked-fix-CVE_2024_38999-5c5bb844465db6f5

@debricked-staging

CVE-2024-38999

Vulnerability details

Description

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

GitLab Advisory Database (Open Source Edition)

jrburke requirejs vulnerable to prototype pollution

jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

NVD

jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

GitHub

jrburke requirejs vulnerable to prototype pollution

jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

CVSS details - 10

CVSS3 metrics

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

References

    NVD - CVE-2024-38999
    jrburke requirejs vulnerable to prototype pollution · CVE-2024-38999 · GitHub Advisory Database · GitHub
    npm/requirejs/CVE-2024-38999.yml · main · GitLab.org / GitLab Advisory Database Open Source Edition · GitLab
    Prototype Pollution in requirejs | Snyk
    Security Vulnerability: Prototype polution · Issue #1854 · requirejs/requirejs · GitHub
    Prototype Pollution Vulnerability Affecting requirejs@2.3.6 module · Issue #1015 · requirejs/r.js · GitHub
    Fixes #1854, prototype pollution by jrburke · Pull Request #1856 · requirejs/requirejs · GitHub
    GitHub - requirejs/r.js: Runs RequireJS in Node and Rhino, and used to run the RequireJS optimizer
    [CVE-2024-38998] Vulnerability Advisory: Prototype Pollution in requirejs, versions <= 2.3.6 · GitHub

 

Related information

📌 Remember! Check the changes to ensure they don't introduce any breaking changes.
📚 Read more about the CVE

 
