CVE-2024-24292

A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component.
Prototype Pollution
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
aliconnectsoftware_development_kit
0.0.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/tariqhawis/a8b2c936622c885558173c37df0a77d9
https://gist.github.com/tariqhawis/a8b2c936622c885558173c37df0a77d9