Vulnerability Database

309,084

Total vulnerabilities in the database

CVE-2024-24294

A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 allows an attacker to execute arbitrary code via the _utils.setDeepProperty function of engine.min.js.

Published: May 20, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-24294
GHSA: GHSA-g3q2-vcjq-rgrc
Severity: Critical
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-94
CWE-1321

Affected Software
References

Software	From	Fixed in
@blackprint / engine	0.8.12	0.9.2

https://gist.github.com/mestrtee/d1eb6e1f7c6dd60d8838c3e56cab634d
https://github.com/Blackprint/engine-js/commit/bd6b965b03c467e7a58ab0cb89b9172fa5e07013

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo