CVE-2024-45277

MEDIUM

SAP HANA Node.js client <2.21.31 - Prototype Pollution

Title source: llm

Description

The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.

References (3)

[Permissions Required] https://me.sap.com/notes/3520100

[Vendor Advisory] https://url.sap/sapsecuritypatchday

[Product] https://www.npmjs.com/package/@sap/hana-client?activeTab=code

Scores

CVSS v3 4.3

EPSS 0.0032

EPSS Percentile 55.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1321

Status published

Products (2)

sap/hana-client 2.0.0 - 2.21.31

sap/hana-client 2.0.0 - 2.21.31npm

Published Oct 08, 2024

Tracked Since Feb 18, 2026