CVE-2024-57080: 
JavaScript vulnerability analysis and mitigation

A prototype pollution vulnerability was discovered in the lib.install function of vxe-table version 4.8.10. The vulnerability was assigned CVE-2024-57080 and was disclosed on February 5, 2025. The vulnerability affects the vxe-table library, which is a JavaScript/TypeScript package (MITRE, NVD).

The vulnerability exists in the lib.install function of vxe-table v4.8.10, where improper input validation allows attackers to manipulate the Object prototype. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes) (NVD).

A successful exploitation of this vulnerability allows attackers to cause a Denial of Service (DoS) condition. The attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, which can affect all objects inheriting from the modified prototype (GitHub POC).

Users should upgrade to a patched version of vxe-table when available. In the meantime, careful validation of input passed to the lib.install function is recommended to prevent prototype pollution attacks (NVD).