CVE-2024-36574

MEDIUM

flatten-json <1.0.1 - RCE

Title source: llm

Description

A Prototype Pollution issue in flatten-json 1.0.1 allows an attacker to execute arbitrary code via module.exports.unflattenJSON (flatten-json/index.js:42)

References (1)

[Various Sources] https://gist.github.com/mestrtee/d5a0c93459599f77557b5bbe78b57325

Scores

CVSS v3 6.3

EPSS 0.0017

EPSS Percentile 37.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1321

Status published

Products (1)

allanlancioni/flatten-json 0npm

Published Jun 17, 2024

Tracked Since Feb 18, 2026