Common Weakness Enumeration

CWE-248

Allowed

Uncaught Exception

Abstraction: Base · Status: Draft

An exception is thrown from a function, but it is not caught.

420 vulnerabilities reference this CWE, most recent first.

GHSA-F67Q-WR6W-23JQ

Vulnerability from github – Published: 2024-08-14 20:49 – Updated: 2025-12-20 05:28
VLAI
Summary
Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects
Details

A wrong assumption made when handling ECMAScript's AsyncGenerator operations can cause an uncaught exception on certain scripts.

Details

Boa's implementation of AsyncGenerator makes the assumption that the state of an AsyncGenerator object cannot change while resolving a promise created by methods of AsyncGenerator such as %AsyncGeneratorPrototype%.next, %AsyncGeneratorPrototype%.return, or %AsyncGeneratorPrototype%.throw. However, a carefully constructed code could trigger a state transition from a getter method for the promise's then property, which causes the engine to fail an assertion of this assumption, causing an uncaught exception. This could be used to create a Denial Of Service attack in applications that run arbitrary ECMAScript code provided by an external user.

Patches

Version 0.19.0 is patched to correctly handle this case.

Workarounds

Users unable to upgrade to the patched version would want to use std::panic::catch_unwind to ensure any exceptions caused by the engine don't impact the availability of the main application.

References

  • https://github.com/boa-dev/boa/commit/69ea2f52ed976934bff588d6b566bae01be313f7
  • https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "boa_engine"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.16"
            },
            {
              "fixed": "0.19.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-43367"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-14T20:49:51Z",
    "nvd_published_at": "2024-08-15T21:15:17Z",
    "severity": "HIGH"
  },
  "details": "A wrong assumption made when handling ECMAScript\u0027s `AsyncGenerator` operations can cause an uncaught exception on certain scripts.\n\n## Details\n\nBoa\u0027s implementation of `AsyncGenerator` makes the assumption that the state of an `AsyncGenerator` object cannot change while resolving a promise created by methods of `AsyncGenerator` such as `%AsyncGeneratorPrototype%.next`, `%AsyncGeneratorPrototype%.return`, or `%AsyncGeneratorPrototype%.throw`.\nHowever, a carefully constructed code could trigger a state transition from a getter method for the promise\u0027s `then` property, which causes the engine to fail an assertion of this assumption, causing an uncaught exception. This could be used to create a Denial Of Service attack in applications that run arbitrary ECMAScript code provided by an external user.\n\n## Patches\n\nVersion 0.19.0 is patched to correctly handle this case.\n\n## Workarounds\n\nUsers unable to upgrade to the patched version would want to use [`std::panic::catch_unwind`](https://doc.rust-lang.org/std/panic/fn.catch_unwind.html) to ensure any exceptions caused by the engine don\u0027t impact the availability of the main application.\n\n## References\n\n- https://github.com/boa-dev/boa/commit/69ea2f52ed976934bff588d6b566bae01be313f7\n- https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r",
  "id": "GHSA-f67q-wr6w-23jq",
  "modified": "2025-12-20T05:28:05Z",
  "published": "2024-08-14T20:49:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/boa-dev/boa/security/advisories/GHSA-f67q-wr6w-23jq"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43367"
    },
    {
      "type": "WEB",
      "url": "https://github.com/boa-dev/boa/commit/69ea2f52ed976934bff588d6b566bae01be313f7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/boa-dev/boa"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2024-0444.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects"
}

GHSA-F9VX-6CFW-VGPG

Vulnerability from github – Published: 2023-04-19 21:30 – Updated: 2024-04-04 03:35
VLAI
Details

In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261723753

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21087"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-19T20:15:11Z",
    "severity": "MODERATE"
  },
  "details": "In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261723753",
  "id": "GHSA-f9vx-6cfw-vgpg",
  "modified": "2024-04-04T03:35:57Z",
  "published": "2023-04-19T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21087"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2023-04-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F9XV-Q969-PQX4

Vulnerability from github – Published: 2023-04-24 15:30 – Updated: 2023-05-03 18:36
VLAI
Summary
Uncaught Exception in yaml
Details

Uncaught Exception in GitHub repository eemeli/yaml starting at version 2.0.0-5 and prior to 2.2.2.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "yaml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0-5"
            },
            {
              "fixed": "2.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-2251"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-24T18:05:30Z",
    "nvd_published_at": "2023-04-24T15:15:08Z",
    "severity": "HIGH"
  },
  "details": "Uncaught Exception in GitHub repository eemeli/yaml starting at version 2.0.0-5 and prior to 2.2.2.",
  "id": "GHSA-f9xv-q969-pqx4",
  "modified": "2023-05-03T18:36:52Z",
  "published": "2023-04-24T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2251"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eemeli/yaml/commit/984f5781ffd807e58cad3b5c8da1f940dab75fba"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/eemeli/yaml"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/4b494e99-5a3e-40d9-8678-277f3060e96c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Uncaught Exception in yaml"
}

GHSA-FFCV-V6PW-QHRP

Vulnerability from github – Published: 2024-10-08 22:18 – Updated: 2024-10-31 19:31
VLAI
Summary
Denial of Service in TYPO3 Bookmark Toolbar
Details

Problem

Due to insufficient input validation, manipulated data saved in the bookmark toolbar of the backend user interface causes a general error state, blocking further access to the interface. Exploiting this vulnerability requires an administrator-level backend user account.

Solution

Update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described.

Credits

Thanks to Hendrik Eichner who reported this issue and to TYPO3 core & security team members Oliver Hader and Benjamin Franzke who fixed the issue.

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-backend"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "13.0.0"
            },
            {
              "fixed": "13.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "13.0.0"
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 12.4.20"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-backend"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.0.0"
            },
            {
              "fixed": "12.4.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 11.5.39"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-backend"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "11.5.40"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 10.4.45"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-backend"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.0"
            },
            {
              "fixed": "10.4.46"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-34537"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1286",
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-08T22:18:27Z",
    "nvd_published_at": "2024-10-28T14:15:04Z",
    "severity": "LOW"
  },
  "details": "### Problem\nDue to insufficient input validation, manipulated data saved in the bookmark toolbar of the backend user interface causes a general error state, blocking further access to the interface. Exploiting this vulnerability requires an administrator-level backend user account.\n\n### Solution\nUpdate to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described.\n\n### Credits\nThanks to Hendrik Eichner who reported this issue and to TYPO3 core \u0026 security team members Oliver Hader and Benjamin Franzke who fixed the issue.\n\n### References\n* [TYPO3-CORE-SA-2024-011](https://typo3.org/security/advisory/typo3-core-sa-2024-001)\n",
  "id": "GHSA-ffcv-v6pw-qhrp",
  "modified": "2024-10-31T19:31:10Z",
  "published": "2024-10-08T22:18:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34537"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/TYPO3-CMS/backend"
    },
    {
      "type": "WEB",
      "url": "https://typo3.org/security/advisory/typo3-core-sa-2024-011"
    },
    {
      "type": "WEB",
      "url": "https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Denial of Service in TYPO3 Bookmark Toolbar"
}

GHSA-FFPF-5H29-W36W

Vulnerability from github – Published: 2024-03-21 06:33 – Updated: 2025-11-04 18:30
VLAI
Details

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-28835"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-21T06:15:45Z",
    "severity": "MODERATE"
  },
  "details": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.",
  "id": "GHSA-ffpf-5h29-w36w",
  "modified": "2025-11-04T18:30:46Z",
  "published": "2024-03-21T06:33:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28835"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1879"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2570"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2889"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-28835"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269084"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00019.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20241122-0009"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/03/22/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/03/22/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FG9R-RH56-7JCV

Vulnerability from github – Published: 2025-02-05 18:34 – Updated: 2025-02-05 18:34
VLAI
Details

A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.

This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. For Cisco IOS XR Software, a successful exploit could allow the attacker to cause the SNMP process to restart, resulting in an interrupted SNMP response from an affected device. Devices that are running Cisco IOS XR Software will not reload.  This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20172"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-05T17:15:24Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.\n\nThis vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. For Cisco IOS XR Software, a successful exploit could allow the attacker to cause the SNMP process to restart, resulting in an interrupted SNMP response from an affected device. Devices that are running Cisco IOS XR Software will not reload.\u0026nbsp;\nThis vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.",
  "id": "GHSA-fg9r-rh56-7jcv",
  "modified": "2025-02-05T18:34:45Z",
  "published": "2025-02-05T18:34:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20172"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-sdxnSUcW"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FJGF-RC76-4X9P

Vulnerability from github – Published: 2025-07-17 21:01 – Updated: 2025-07-17 21:01
VLAI
Summary
Multer vulnerable to Denial of Service via unhandled exception from malformed request
Details

Impact

A vulnerability in Multer versions >= 1.4.4-lts.1, < 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed request. This request causes an unhandled exception, leading to a crash of the process.

Patches

Users should upgrade to 2.0.2

Workarounds

None

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "multer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.4-lts.1"
            },
            {
              "fixed": "2.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-7338"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-17T21:01:54Z",
    "nvd_published_at": "2025-07-17T16:15:35Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA vulnerability in Multer versions \u003e= 1.4.4-lts.1, \u003c 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed request. This request causes an unhandled exception, leading to a crash of the process.\n\n### Patches\n\nUsers should upgrade to `2.0.2`\n\n### Workarounds\n\nNone",
  "id": "GHSA-fjgf-rc76-4x9p",
  "modified": "2025-07-17T21:01:54Z",
  "published": "2025-07-17T21:01:54Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7338"
    },
    {
      "type": "WEB",
      "url": "https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b"
    },
    {
      "type": "WEB",
      "url": "https://cna.openjsf.org/security-advisories.html"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/expressjs/multer"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Multer vulnerable to Denial of Service via unhandled exception from malformed request"
}

GHSA-FVPC-GQMR-784W

Vulnerability from github – Published: 2025-04-15 15:30 – Updated: 2025-04-15 15:30
VLAI
Details

The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner.  If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If the yauzl library encounters a filename that is considered illegal, it raises an exception that is uncaught by PeerTube, leading to a crash which repeats infinitely on startup.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-32944"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-15T13:15:55Z",
    "severity": "MODERATE"
  },
  "details": "The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner.\u00a0\u00a0If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If the yauzl library encounters a filename that is considered illegal, it raises an exception that is uncaught by PeerTube, leading to a crash which repeats infinitely on startup.",
  "id": "GHSA-fvpc-gqmr-784w",
  "modified": "2025-04-15T15:30:53Z",
  "published": "2025-04-15T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32944"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1"
    },
    {
      "type": "WEB",
      "url": "https://research.jfrog.com/vulnerabilities/peertube-archive-persistent-dos"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FW4P-36J9-RRJ3

Vulnerability from github – Published: 2020-09-03 20:25 – Updated: 2020-08-31 18:48
VLAI
Summary
Denial of Service in sequelize
Details

Versions of sequelize prior to 4.44.4 are vulnerable to Denial of Service (DoS). The SQLite dialect fails to catch a TypeError exception for the results variable. The results value may be undefined and trigger the error on a .map call. This may allow attackers to submit malicious input that forces the exception and crashes the Node process.

The following proof-of-concept crashes the Node process:

const Sequelize = require('sequelize');

const sequelize = new Sequelize({
    dialect: 'sqlite',
    storage: 'database.sqlite'
});

const TypeError = sequelize.define('TypeError', {
    name: Sequelize.STRING,
});

TypeError.sync({force: true}).then(() => {
    return TypeError.create({name: "SELECT tbl_name FROM sqlite_master"});
});

Recommendation

Upgrade to version 4.44.4 or later.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "sequelize"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.44.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:48:48Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Versions of `sequelize` prior to 4.44.4 are vulnerable to Denial of Service (DoS). The SQLite dialect fails to catch a `TypeError` exception for the `results` variable. The `results` value may be undefined and trigger the error on a `.map` call. This may allow attackers to submit malicious input that forces the exception and crashes the Node process.  \n\nThe following proof-of-concept crashes the Node process:  \n```\nconst Sequelize = require(\u0027sequelize\u0027);\n\nconst sequelize = new Sequelize({\n\tdialect: \u0027sqlite\u0027,\n\tstorage: \u0027database.sqlite\u0027\n});\n\nconst TypeError = sequelize.define(\u0027TypeError\u0027, {\n\tname: Sequelize.STRING,\n});\n\nTypeError.sync({force: true}).then(() =\u003e {\n\treturn TypeError.create({name: \"SELECT tbl_name FROM sqlite_master\"});\n});\n```\n\n\n## Recommendation\n\nUpgrade to version 4.44.4 or later.",
  "id": "GHSA-fw4p-36j9-rrj3",
  "modified": "2020-08-31T18:48:48Z",
  "published": "2020-09-03T20:25:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sequelize/sequelize/pull/11877"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1142"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Denial of Service in sequelize"
}

GHSA-FX36-2W4H-PGPF

Vulnerability from github – Published: 2024-11-05 12:31 – Updated: 2024-11-05 12:31
VLAI
Details

Vulnerability of message types not being verified in the advanced messaging modul Impact: Successful exploitation of this vulnerability may affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-51518"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-05T10:21:10Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability of message types not being verified in the advanced messaging modul\nImpact: Successful exploitation of this vulnerability may affect availability.",
  "id": "GHSA-fx36-2w4h-pgpf",
  "modified": "2024-11-05T12:31:03Z",
  "published": "2024-11-05T12:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51518"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2024/11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.