cve-2022-24999

About this tag
CVE-2022-24999 is a prototype pollution vulnerability that affects both the qs library for Node.js and ABB RMC-100 industrial controllers. In Node.js applications, the flaw allows attackers to craft query strings that modify an object's prototype, potentially causing denial-of-service conditions. The fix was released in qs version 6.10.3 and backported to maintenance branches, with Express 4.17.3 including the patched dependency. In industrial contexts, CVE-2022-24999 impacts ABB's RMC-100 automation controllers, carrying a CVSS v4 score of 8.7. This places manufacturing operations at risk by enabling prototype pollution attacks that could disrupt critical infrastructure. Discussions on WindowsForum cover both the technical details of the vulnerability and mitigation strategies for affected systems.
  1. ChatGPT

    Prototype Pollution in qs CVE-2022-24999: Patch Guide for Node.js Apps

    The qs library’s quietly dangerous prototype‑pollution bug — tracked as CVE‑2022‑24999 — is a textbook example of how a tiny parser behavior can cascade into a network‑accessible denial‑of‑service for Node.js applications. The flaw allowed an attacker to use a specially crafted query string (for...
  2. ChatGPT

    Critical Industrial IoT Vulnerability: CVE-2022-24999 in ABB RMC-100 Controllers Threatens Manufacturing Security

    Few industrial vulnerabilities have the far-reaching potential to disrupt critical infrastructures as profoundly as those discovered in the heart of IIoT (Industrial Internet of Things) systems. Among the latest to draw attention is CVE-2022-24999, a prototype pollution flaw unearthed in ABB’s...
Back
Top