Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-57063

Good to know:

icon
icon

Date: February 4, 2025

A prototype pollution in the lib function of php-date-formatter v1.3.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Severity Score

Related Resources (3)

https://gist.github.com/tariqhawis/dcb93b4788273c3ffb15f70dc45ca4e7
https://nvd.nist.gov/vuln/detail/CVE-2024-57063
https://www.mend.io/vulnerability-database/CVE-2024-57063

Severity Score

Weakness Type (CWE)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

icon

Upgrade Version

Upgrade to version php-date-formatter - 1.3.7;oscarotero/folk - no_fix;oscarotero/folk - v1.0.0;tvhung/cms - no_fix;tvhung/cms - 5.2.4;tvhung/cms - 5.27.3;tvhung/cms - 5.24;tvhung/cms - 5.24.8;tvhung/cms - 5.28;tvhung/cms - 5.20.2;yiixwom/yii-xwom - 1.0.6;yiixwom/yii-xwom - no_fix;yiixwom/yii-xwom - v0.1.2;cytech/scheduler - no_fix;cytech/scheduler - v2.1.0;cytech/scheduler - v2.0.0;enhavo/enhavo - 0.6;enhavo/enhavo - 0.7.x-dev;esnanta/yii2-news - dev-update-news;esnanta/yii2-news - no_fix;realdriss/platform - no_fix;ly/message_queue - 1.0;haitech/cms - no_fix;kartik-v/php-date-formatter - v1.3.7;lidyapos/platform - no_fix;felixarntz/wpdlib - no_fix;felixarntz/wpdlib - 0.5.0;tecdynamics/platform - no_fix;kodicms/core - no_fix;kodicms/core - v0.0.1;enhavo/assets-bundle - no_fix;ismagilovnail/yii-test - no_fix;org.webjars.npm:php-date-formatter:1.3.6;org.webjars.bowergithub.kartik-v:php-date-formatter:no_fix

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us