CVE-2024-36572 | allpro form-manager 0.7.4 setDefaults/mergeBranch/Object.setObjectValue prototype pollution

CVE-2024-36572 | allpro form-manager 0.7.4 setDefaults/mergeBranch/Object.setObjectValue prototype pollution

A vulnerability has been found in allpro form-manager 0.7.4 and classified as problematic. Affected by this vulnerability is the function setDefaults/mergeBranch/Object.setObjectValue. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is known as CVE-2024-36572. The attack needs to be approached within the local network. There is no exploit available.