CVE-2024-39001

MEDIUM

Ag-grid < 31.3.4 - Prototype Pollution

Title source: rule

Description

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

References (3)

[Exploit, Third Party Advisory] https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa

[Exploit, Third Party Advisory] https://gist.github.com/mestrtee/c1590660750744f25e86ba1bf240844b

[Exploit, Third Party Advisory] https://gist.github.com/mestrtee/f8037d492dab0d77bca719e05d31c08b

Scores

CVSS v3 6.3

EPSS 0.0026

EPSS Percentile 49.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1321

Status published

Products (5)

ag-grid/ag-grid < 31.3.4

ag-grid/ag_charts < 9.3.2

ag-grid-enterprise/charts 32.0.0 - 32.0.1npm

npm/ag-grid-community 32.0.0 - 32.0.1npm

npm/ag-grid-enterprise 32.0.0 - 32.0.1npm

Published Jul 01, 2024

Tracked Since Feb 18, 2026