Description
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects.
Published: 2024-07-30
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Chargeover chargeover\/redoc
CPEs cpe:2.3:a:chargeover:redoc:2.0.9:rc69:*:*:*:node.js:*:* cpe:2.3:a:chargeover:chargeover\/redoc:2.0.9:rc69:*:*:*:node.js:*:*
Vendors & Products Chargeover redoc
Chargeover chargeover\/redoc

Thu, 08 Aug 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Chargeover
Chargeover redoc
CPEs cpe:2.3:a:chargeover:redoc:2.0.9:rc69:*:*:*:node.js:*:*
Vendors & Products Chargeover
Chargeover redoc

Subscriptions

Chargeover Chargeover\/redoc
Redocly Redoc
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-02T04:19:20.626Z

Reserved: 2024-06-21T00:00:00.000Z

Link: CVE-2024-39011

cve-icon Vulnrichment

Updated: 2024-07-31T18:29:01.001Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-30T20:15:04.203

Modified: 2026-06-17T07:41:21.600

Link: CVE-2024-39011

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-1321

    Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')