vulnerability

Red Hat: CVE-2024-21489: uplot: Prototype Pollution in uplot

Name: Red Hat: CVE-2024-21489: uplot: Prototype Pollution in uplot
Creator: Red Hat
Published: 2024-10-01T00:00:00.000Z
Keywords: CVE, Red Hat, 2024, 21489, uplot, no-fix-redhat-rpm-package, Severity 9

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:C/A:P)

Published

Oct 1, 2024

Added

Jul 9, 2025

Modified

Jul 10, 2025

Description

Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype.

Solution

no-fix-redhat-rpm-package

References

NVD-CVE-2024-21489

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report