100DaysOfCode icon indicating copy to clipboard operation
100DaysOfCode copied to clipboard

Published 20 hours ago verified publisher icon b-tomi

CVE-2024-57075 (High) detected in eazy-logger-3.1.0.tgz

Open mend-bolt-for-github[bot] opened this issue 9 months ago • 0 comments

CVE-2024-57075 - High Severity Vulnerability

Vulnerable Library - eazy-logger-3.1.0.tgz

Simple cli logger

Library home page: https://registry.npmjs.org/eazy-logger/-/eazy-logger-3.1.0.tgz

Path to dependency file: /day60/package.json

Path to vulnerable library: /day60/package.json,/day59/package.json

Dependency Hierarchy:

  • browser-sync-2.26.13.tgz (Root Library)
    • :x: eazy-logger-3.1.0.tgz (Vulnerable Library)

Found in HEAD commit: c88b9429eb68a85b22f0e39cac7bf20b89cb6709

Found in base branch: master

Vulnerability Details

A prototype pollution in the lib.Logger function of eazy-logger v4.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Publish Date: 2025-02-05

URL: CVE-2024-57075

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High
For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] avatar Feb 06 '25 18:02 mend-bolt-for-github[bot]