Main Vulnerability Database Exploits ID:10139 - Exploit for Prototype pollution in ejs - CVE-2024-33883

ID:10139 - Exploit for Prototype pollution in ejs - CVE-2024-33883

Published: June 28, 2024

Vulnerability identifier: #VU92245

Vulnerability risk: High

CVE-ID: CVE-2024-33883

CWE-ID: CWE-1321

Exploitation vector: Remote access

Vulnerable software:
ejs

Link to public exploit:

https://github.com/Grantzile/PoC-CVE-2024-33883

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation. A remote attacker can add or modify properties of Object.prototype using a __proto__ or constructor payload to execute arbitrary code on the system.

Remediation

Install updates from vendor's website.

ID:10139 - Exploit for Prototype pollution in ejs - CVE-2024-33883

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human