CVE-2024-45277

MEDIUM

SAP HANA Node.js client <2.21.31 - Prototype Pollution

Title source: llm

Description

The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.

References (3)

Core 3

Core References

Permissions Required

https://me.sap.com/notes/3520100

Vendor Advisory

https://url.sap/sapsecuritypatchday

Product

https://www.npmjs.com/package/@sap/hana-client?activeTab=code

Scores

CVSS v3 4.3

EPSS 0.0059

EPSS Percentile 43.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1321

Status published

Products (2)

sap/hana-client 2.0.0 - 2.21.31

sap/hana-client 2.0.0 - 2.21.31npm

Published Oct 08, 2024

Tracked Since Feb 18, 2026