MidnightBSD

Advisories for allpro

CVE-2024-36572

Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefaults, mergeBranch, and Object.setObjectValue.

Products Affected

Vendor Product Version
allpro formmanager_data_handler 0.7.4