Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-45277

The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.

Published

2024-10-08T04:15:08.133

Last Modified

2024-11-14T17:54:28.373

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-1321

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	hana-client	< 2.21.31	Yes

References

https://me.sap.com/notes/3520100 Permissions Required ([email protected])
https://url.sap/sapsecuritypatchday Vendor Advisory ([email protected])
https://www.npmjs.com/package/@sap/hana-client?activeTab=code Product ([email protected])