{"dataType": "CVE_RECORD", "cveMetadata": {"state": "REJECTED", "cveId": "CVE-2024-38998", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-01-28T19:44:53.337Z", "dateRejected": "2025-01-28T00:00:00", "dateReserved": "2024-06-21T00:00:00.000Z", "datePublished": "2024-07-01T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-01-28T19:44:53.337Z"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}]}}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "REJECTED", "cveId": "CVE-2024-38998", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-01-28T19:44:53.337Z", "dateRejected": "2025-01-28T00:00:00", "dateReserved": "2024-06-21T00:00:00.000Z", "datePublished": "2024-07-01T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-01-28T19:44:53.337Z"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}]}}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}], "id": "CVE-2024-38998", "lastModified": "2025-01-28T20:15:31.103", "metrics": {}, "published": "2024-07-01T13:15:05.223", "references": [], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Rejected"}

{"bugzilla": {"description": "requirejs: prototype pollution via config function", "id": "2294942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294942"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "status": "draft"}, "cwe": "CWE-1321", "details": ["A flaw was found in RequireJS. This flaw allows an attacker to alter the behavior of all objects inheriting from the affected prototype by passing arguments to the config function crafted with the built-in property: __proto__. This issue can potentially lead to a denial of service, remote code execution, or Cross-site scripting."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-38998", "package_state": [{"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Will not fix", "package_name": "org.infinispan-infinispan-js-client", "product_name": "Red Hat JBoss Data Grid 7"}], "public_date": "2024-07-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38998\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38998\nhttps://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a"], "statement": "It is highly unlikely that this vulnerability can be exploited to cause remote code execution without another vulnerability present in the system,which is why the CVSS for confidentiality has been marked as none and availability has been marked as low.", "threat_severity": "Moderate"}