CVE-2024-21548
Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo
CVSS 3.1: 7.5 (HIGH)
EPSS: 0.21%
Description
Versions of the package bun before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun's APIs that accept objects.
How to fix CVE-2024-21548
To remediate CVE-2024-21548, upgrade the affected package to a fixed version below.
- bun: upgrade to 1.1.30 or later
Is CVE-2024-21548 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- bun: from 0, < 1.1.30
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |