cve-2022-24999
About this tag
CVE-2022-24999 is a prototype pollution vulnerability that affects both the qs library for Node.js and ABB RMC-100 industrial controllers. In Node.js applications, the flaw allows attackers to craft query strings that modify an object's prototype, potentially causing denial-of-service conditions. The fix was released in qs version 6.10.3 and backported to maintenance branches, with Express 4.17.3 including the patched dependency. In industrial contexts, CVE-2022-24999 impacts ABB's RMC-100 automation controllers, carrying a CVSS v4 score of 8.7. This places manufacturing operations at risk by enabling prototype pollution attacks that could disrupt critical infrastructure. Discussions on WindowsForum cover both the technical details of the vulnerability and mitigation strategies for affected systems.
The qs library’s quietly dangerous prototype‑pollution bug — tracked as CVE‑2022‑24999 — is a textbook example of how a tiny parser behavior can cascade into a network‑accessible denial‑of‑service for Node.js applications. The flaw allowed an attacker to use a specially crafted query string (for...
Few industrial vulnerabilities have the far-reaching potential to disrupt critical infrastructures as profoundly as those discovered in the heart of IIoT (Industrial Internet of Things) systems. Among the latest to draw attention is CVE-2022-24999, a prototype pollution flaw unearthed in ABB’s...