Vulnerability Details CVE-2024-38985
janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution vulnerability via the set() method at setIn (lib/index.js:90). This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.8%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2024-38985
- cpe:2.3:a:janrywang:depath:1.0.6
- cpe:2.3:a:janrywang:depath:1.1.2