CVE-2024-54156: 
YouTrack vulnerability analysis and mitigation

CVE-2024-54156 affects JetBrains YouTrack versions before 2024.3.52635, where multiple merge functions were found to be vulnerable to prototype pollution attacks. The vulnerability was disclosed on December 4, 2024, and received a CVSS v3.1 base score of 6.5 (Medium) from NIST NVD, while JetBrains assessed it with a score of 4.2 (Medium) (NVD Details).

The vulnerability is classified as CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes), commonly known as Prototype Pollution. The CVSS vector string from NIST is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N, indicating that the vulnerability can be exploited remotely with low attack complexity, requires no privileges or user interaction, and can result in low-level impacts to confidentiality and integrity (NVD Details).

The vulnerability can lead to prototype pollution attacks, potentially allowing attackers to modify object prototype attributes. This could result in low-level impacts to both confidentiality and integrity of the affected system, though there is no direct impact on availability according to the CVSS scoring (NVD Details).

The vulnerability has been fixed in JetBrains YouTrack version 2024.3.52635. Users are advised to upgrade to this version or later to mitigate the risk (JetBrains Advisory).