CVE-2024-45277 @sap/hana-client

Package

Manager: npm
Name: @sap/hana-client
Vulnerable Version: >=2.0.0 <2.21.31

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: 0.0066 (percentile: 0.70191)

Details

SAP HANA Node.js client package vulnerable to Prototype Pollution

The SAP HANA Node.js client package, in versions from 2.0.0 before 2.21.31, is affected by a Prototype Pollution vulnerability that allows an attacker to add arbitrary properties to global object prototypes. The cause is improper sanitization of user input when the nestTables feature is used. The result is a low impact on the availability of the application, with no impact on Confidentiality or Integrity.

Metadata

Created: 2024-10-08T06:30:47Z
Modified: 2024-10-08T14:37:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-6339-gv7w-g5f4/GHSA-6339-gv7w-g5f4.json
CWE IDs: ["CWE-1321"]
Alternative ID: GHSA-6339-gv7w-g5f4
Finding: F390
Auto approve: 1