CVE-2024-57708

MEDIUM

OneTrust SDK 6.33.0 - Denial of Service via Prototype Pollution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-57708. PoCs published by Alameen Karim Merali.

AI-analyzed exploit summary: The exploit demonstrates a Prototype Pollution vulnerability in OneTrust SDK 6.33.0, allowing an attacker to inject malicious properties into the prototype chain, leading to Denial of Service (DoS) or altered object behavior. The PoC uses `Object.setPrototypeOf` and `Object.assign` to pollute `Object.prototype` globally.

Description

An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object.assign components. NOTE: this is disputed by the Supplier who does not agree it is a prototype pollution vulnerability.

Exploits (1)

exploitdb · WORKING POC
by Alameen Karim Merali · text · remote · linux
https://www.exploit-db.com/exploits/52340


Classification
Working PoC: 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: OneTrust SDK v6.33.0
Authentication: No auth needed
Prerequisites: Access to execute JavaScript in the target environment
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3: 5.7
EPSS: 0.0057
EPSS Percentile: 69.3%
Attack Vector: ADJACENT_NETWORK
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-1321, CWE-400, CWE-471, CWE-915
Status: published
Published: Jun 25, 2025
Tracked Since: Feb 18, 2026