Prototype Pollution Vulnerability in php-date-formatter Library by Vendor
CVE-2024-57063

7.5HIGH

Key Information:

Vendor: Vendor
Status: php-date-formatter
Vendor: CVE Published:; 5 February 2025

What is CVE-2024-57063?

The php-date-formatter library version 1.3.6 contains a prototype pollution vulnerability that allows attackers to craft malicious payloads. By exploiting this vulnerability, an attacker can manipulate the internal functions of the application, leading to potential disruption of services and an overall Denial of Service (DoS) condition. It is crucial for users of the affected library to apply necessary updates and review their security practices to mitigate the risks associated with this vulnerability.

References

https://gist.github.com/tariqhawis/dcb93b4788273c3ffb15f7...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2025
Vulnerability Reserved
Jan 9, 2025