CVE-2024-23339

moderate-risk
Published 2024-01-22

hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (`get`, `set`, and `update`) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the `get`, `set` and `update` functions throw a `TypeError` when a user attempts to access or alter inherited properties.

Do I need to act?

!
12.3% chance of exploitation in next 30 days
EPSS score — higher than 88% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Elijahharry

References (4)

Patch https://github.com/elijahharry/hoolock/commit/97ae80e856774335d92743c635ffeae2f6...
Vendor Advisory https://github.com/elijahharry/hoolock/security/advisories/GHSA-4c2g-hx49-7h25
Patch https://github.com/elijahharry/hoolock/commit/97ae80e856774335d92743c635ffeae2f6...
Vendor Advisory https://github.com/elijahharry/hoolock/security/advisories/GHSA-4c2g-hx49-7h25
40
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 12/34 · Low
Exposure 5/34 · Minimal