CVE-2024-23339

hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (`get`, `set`, and `update`) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the `get`, `set` and `update` functions throw a `TypeError` when a user attempts to access or alter inherited properties.
Prototype Pollution
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
GitHub_MCNA
6.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
elijahharryhoolock
2.0.0 ≤
𝑥
< 2.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/elijahharry/hoolock/commit/97ae80e856774335d92743c635ffeae2f652b982
https://github.com/elijahharry/hoolock/security/advisories/GHSA-4c2g-hx49-7h25
https://github.com/elijahharry/hoolock/commit/97ae80e856774335d92743c635ffeae2f652b982
https://github.com/elijahharry/hoolock/security/advisories/GHSA-4c2g-hx49-7h25