CVE-2024-57708
MEDIUM EPSS 55.1%
Published Jun 25, 2025 (1y ago) · Modified Jun 17, 2026 (2w ago)
5.7 CVSS 3.1
Description
An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object.assign components. NOTE: this is disputed by the Supplier who does not agree it is a prototype pollution vulnerability.
CVSS Details
Base Score
Exploitability
Impact
Vector string CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector Adjacent
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
55.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 4
CWE-1321
CWE-400 Uncontrolled Resource Consumption Resource Mgmt
CWE-471
CWE-915
References 3
- discord.com https://discord.com/assets/oneTrust/v4/scripttemplates/6.33.0/otBannerSdk.js
- github.com https://github.com/brotheralameen1/Discordforschool/security/advisories/GHSA-63xr-98vc-whx5
- packetstorm.news https://packetstorm.news/files/id/201222/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.