CVE-2024-23339

MEDIUM

Elijahharry Hoolock < 2.2.1 - Prototype Pollution

Title source: rule

Description

hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (`get`, `set`, and `update`) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the `get`, `set` and `update` functions throw a `TypeError` when a user attempts to access or alter inherited properties.

Exploits (1)

nomisec WRITEUP
by 200101WhoAmI · poc
https://github.com/200101WhoAmI/CVE-2024-23339

References (2)

Scores

CVSS v3 6.3
EPSS 0.1234
EPSS Percentile 93.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Details

CWE
CWE-1321
Status published
Products (2)
elijahharry/hoolock 2.0.0 - 2.2.1
npm/hoolock 2.0.0 - 2.2.1npm
Published Jan 22, 2024
Tracked Since Feb 18, 2026