CVE-2024-39001

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ag-grid:ag-grid:*:*:*:*:*:*:*:*
cpe:2.3:a:ag-grid:ag-grid:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:ag-grid:ag_charts:*:*:*:*:*:*:*:*
cpe:2.3:a:ag-grid:ag_charts:*:*:*:*:*:*:*:*

History

01 May 2025, 14:07

Type Values Removed Values Added
CPE cpe:2.3:a:ag-grid:ag_charts:*:*:*:*:*:*:*:*
cpe:2.3:a:ag-grid:ag-grid:*:*:*:*:*:*:*:*
First Time Ag-grid ag-grid
Ag-grid ag Charts
Ag-grid
References () https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa - () https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa - Exploit, Third Party Advisory
References () https://gist.github.com/mestrtee/c1590660750744f25e86ba1bf240844b - () https://gist.github.com/mestrtee/c1590660750744f25e86ba1bf240844b - Exploit, Third Party Advisory
References () https://gist.github.com/mestrtee/f8037d492dab0d77bca719e05d31c08b - () https://gist.github.com/mestrtee/f8037d492dab0d77bca719e05d31c08b - Exploit, Third Party Advisory

21 Nov 2024, 09:27

Type Values Removed Values Added
References () https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa - () https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa -
References () https://gist.github.com/mestrtee/c1590660750744f25e86ba1bf240844b - () https://gist.github.com/mestrtee/c1590660750744f25e86ba1bf240844b -
References () https://gist.github.com/mestrtee/f8037d492dab0d77bca719e05d31c08b - () https://gist.github.com/mestrtee/f8037d492dab0d77bca719e05d31c08b -

11 Jul 2024, 15:06

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.3
CWE CWE-1321

01 Jul 2024, 16:37

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-01 13:15

Updated : 2025-05-01 14:07


NVD link : CVE-2024-39001

Mitre link : CVE-2024-39001

CVE.ORG link : CVE-2024-39001


JSON object : View

Products Affected

ag-grid

  • ag-grid
  • ag_charts
CWE
CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')