utile 0.3.0 lib.createPath prototype pollution

Summaryinfo

A vulnerability classified as problematic has been found in utile 0.3.0. This vulnerability affects the function lib.createPath. Performing a manipulation results in prototype pollution. This vulnerability is known as CVE-2024-57065. No exploit is available.

Detailsinfo

A vulnerability, which was classified as problematic, was found in utile 0.3.0. This affects the function lib.createPath. The manipulation with an unknown input leads to a prototype pollution vulnerability. CWE is classifying the issue as CWE-1321. The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. This is going to have an impact on availability. The summary by CVE is:

A prototype pollution in the lib.createPath function of utile v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

The advisory is shared at gist.github.com. This vulnerability is uniquely identified as CVE-2024-57065 since 01/09/2025. Technical details are known, but no exploit is available. MITRE ATT&CK project uses the attack technique T1059 for this issue.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2024-53510). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Name

• utile

Version

• 0.3.0

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion