CVE-2024-36573 Information

Description

almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656) reduce (@almela/obx/build/index.js:470) Object.set (obx/build/index.js:269) component.

Reference

https://gist.github.com/mestrtee/fd8181bbc180d775f8367a2b9e0ffcd1