CVE-2024-57083

Source
https://cve.org/CVERecord?id=CVE-2024-57083
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57083.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-57083
Aliases
Published
2025-03-28T21:15:17.307Z
Modified
2025-11-16T10:23:55.205336Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

A prototype pollution vulnerability in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc <= 2.2.0 allows attackers to cause a Denial of Service (DoS) by supplying a crafted payload.

References

Affected packages

Git / github.com/redocly/redoc

Affected ranges

Type
GIT
Repo
https://github.com/redocly/redoc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

2.*
2.0.0-rc.69
v1.*
v1.20.0
v1.21.0
v1.21.1
v1.21.2
v2.*
v2.0.0
v2.0.0-alpha.0
v2.0.0-alpha.10
v2.0.0-alpha.11
v2.0.0-alpha.12
v2.0.0-alpha.13
v2.0.0-alpha.14
v2.0.0-alpha.15
v2.0.0-alpha.16
v2.0.0-alpha.17
v2.0.0-alpha.18
v2.0.0-alpha.19
v2.0.0-alpha.2
v2.0.0-alpha.20
v2.0.0-alpha.21
v2.0.0-alpha.22
v2.0.0-alpha.23
v2.0.0-alpha.24
v2.0.0-alpha.25
v2.0.0-alpha.27
v2.0.0-alpha.28
v2.0.0-alpha.29
v2.0.0-alpha.3
v2.0.0-alpha.30
v2.0.0-alpha.31
v2.0.0-alpha.32
v2.0.0-alpha.33
v2.0.0-alpha.34
v2.0.0-alpha.35
v2.0.0-alpha.36
v2.0.0-alpha.37
v2.0.0-alpha.38
v2.0.0-alpha.39
v2.0.0-alpha.4
v2.0.0-alpha.40
v2.0.0-alpha.41
v2.0.0-alpha.5
v2.0.0-alpha.6
v2.0.0-alpha.7
v2.0.0-alpha.8
v2.0.0-alpha.9
v2.0.0-rc.0
v2.0.0-rc.1
v2.0.0-rc.10
v2.0.0-rc.11
v2.0.0-rc.12
v2.0.0-rc.13
v2.0.0-rc.14
v2.0.0-rc.15
v2.0.0-rc.16
v2.0.0-rc.17
v2.0.0-rc.18
v2.0.0-rc.19
v2.0.0-rc.2
v2.0.0-rc.20
v2.0.0-rc.21
v2.0.0-rc.22
v2.0.0-rc.23
v2.0.0-rc.24
v2.0.0-rc.25
v2.0.0-rc.26
v2.0.0-rc.27
v2.0.0-rc.28
v2.0.0-rc.29
v2.0.0-rc.3
v2.0.0-rc.30
v2.0.0-rc.31
v2.0.0-rc.33
v2.0.0-rc.34
v2.0.0-rc.35
v2.0.0-rc.36
v2.0.0-rc.37
v2.0.0-rc.38
v2.0.0-rc.39
v2.0.0-rc.4
v2.0.0-rc.40
v2.0.0-rc.41
v2.0.0-rc.42
v2.0.0-rc.43
v2.0.0-rc.45
v2.0.0-rc.46
v2.0.0-rc.47
v2.0.0-rc.48
v2.0.0-rc.49
v2.0.0-rc.5
v2.0.0-rc.50
v2.0.0-rc.51
v2.0.0-rc.53
v2.0.0-rc.54
v2.0.0-rc.55
v2.0.0-rc.56
v2.0.0-rc.57
v2.0.0-rc.58
v2.0.0-rc.59
v2.0.0-rc.6
v2.0.0-rc.60
v2.0.0-rc.61
v2.0.0-rc.62
v2.0.0-rc.63
v2.0.0-rc.64
v2.0.0-rc.65
v2.0.0-rc.66
v2.0.0-rc.67
v2.0.0-rc.68
v2.0.0-rc.68.1
v2.0.0-rc.69
v2.0.0-rc.7
v2.0.0-rc.70
v2.0.0-rc.71
v2.0.0-rc.72
v2.0.0-rc.73
v2.0.0-rc.74
v2.0.0-rc.75
v2.0.0-rc.76
v2.0.0-rc.77
v2.0.0-rc.8
v2.0.0-rc.8-1
v2.0.0-rc.9
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.2.0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57083.json"