CVE-2024-45277 MEDIUM

CVE-2024-45277: Prototype Pollution vulnerability in SAP HANA Client

Vendor Sap_Se
Product SAP HANA Client
Weakness CWE-1321
Published October 8, 2024
Last update October 8, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None
Availability Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01 Description

SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 are affected by a prototype pollution vulnerability that allows an attacker to add arbitrary properties to global object prototypes. The cause is improper sanitization of user input when the nestTables feature is used. The impact on the availability of the application is low, and there is no impact on confidentiality or integrity.

Key dates

02 Disclosure timeline

October 8, 2024 CVE published
October 8, 2024 Record updated