wid-sec-w-2025-0043
Vulnerability from csaf_certbund
Published
2025-01-12 23:00
Modified
2025-01-12 23:00
Summary
IBM QRadar SIEM (Log Source Management App): Multiple vulnerabilities
Notes
As a provider, the BSI is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description
IBM QRadar Security Information and Event Management (SIEM) provides support for detecting and prioritizing security threats in the enterprise.
Attack
A remote, anonymous attacker can exploit multiple vulnerabilities in IBM QRadar SIEM to conduct a cross-site scripting attack, execute arbitrary code, cause a denial-of-service condition, manipulate data, disclose confidential information, and bypass security measures.
Affected operating systems
- Other
- UNIX
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um einen Cross-Site-Scripting-Angriff zu starten, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen, Daten zu manipulieren, vertrauliche Informationen offenzulegen und Sicherheitsmaßnahmen zu umgehen.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2025-0043 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0043.json", }, { category: "self", summary: "WID-SEC-2025-0043 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0043", }, { category: "external", summary: "IBM Security Bulletin vom 2025-01-12", url: "https://www.ibm.com/support/pages/node/7180725", }, ], source_lang: "en-US", title: "IBM QRadar SIEM (Log Source Management App): Mehrere Schwachstellen", tracking: { 
current_release_date: "2025-01-12T23:00:00.000+00:00", generator: { date: "2025-01-13T09:08:15.486+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2025-0043", initial_release_date: "2025-01-12T23:00:00.000+00:00", revision_history: [ { date: "2025-01-12T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "Log Source Management App <7.0.11", product: { name: "IBM QRadar SIEM Log Source Management App <7.0.11", product_id: "T040117", }, }, { category: "product_version", name: "Log Source Management App 7.0.11", product: { name: "IBM QRadar SIEM Log Source Management App 7.0.11", product_id: "T040117-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:log_source_management_app__7.0.11", }, }, }, ], category: "product_name", name: "QRadar SIEM", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2024-43788", notes: [ { category: "description", text: "In IBM QRadar SIEM Log Source Management App existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-43788", }, { cve: "CVE-2024-43796", notes: [ { category: "description", text: "In IBM QRadar SIEM Log Source Management App existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. 
Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-43796", }, { cve: "CVE-2024-43799", notes: [ { category: "description", text: "In IBM QRadar SIEM Log Source Management App existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-43799", }, { cve: "CVE-2024-43800", notes: [ { category: "description", text: "In IBM QRadar SIEM Log Source Management App existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-43800", }, { cve: "CVE-2024-47068", notes: [ { category: "description", text: "In IBM QRadar SIEM Log Source Management App existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. 
Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-47068", }, { cve: "CVE-2024-47875", notes: [ { category: "description", text: "In IBM QRadar SIEM Log Source Management App existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-47875", }, { cve: "CVE-2024-21536", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-21536", }, { cve: "CVE-2024-21538", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. 
Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-21538", }, { cve: "CVE-2024-33883", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-33883", }, { cve: "CVE-2024-37890", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. 
Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-37890", }, { cve: "CVE-2024-4067", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-4067", }, { cve: "CVE-2024-4068", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-4068", }, { cve: "CVE-2024-45296", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. 
Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-45296", }, { cve: "CVE-2024-45590", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-45590", }, { cve: "CVE-2024-48948", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. 
Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-48948", }, { cve: "CVE-2024-48949", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-48949", }, { cve: "CVE-2024-52798", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-52798", }, { cve: "CVE-2024-55565", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App. 
Diese Schwachstellen bestehen in mehreren Modulen und Bibliotheken wie Node.js, dem expressjs body-parser oder nanoid aufgrund von Problemen wie unsachgemäßer Eingabebereinigung, Regular Expression Backtracking, Null-Pointer-Dereferenzen, Memory Exhaustion und unsachgemäßer Behandlung von nicht ganzzahligen Werten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-55565", }, { cve: "CVE-2024-45801", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM QRadar SIEM Log Source Management App. Diese Schwachstelle betrifft DOMPurify aufgrund eines Prototyp-Verschmutzungsfehlers in der Tiefenprüfung. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-45801", }, { cve: "CVE-2024-42459", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App . Diese Schwachstellen betreffen das Node.js Elliptic-Modul aufgrund fehlender Überprüfungen und unsachgemäßer Behandlung von BER-codierten Signaturen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen und weitere Angriffe zu starten.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-42459", }, { cve: "CVE-2024-42460", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App . Diese Schwachstellen betreffen das Node.js Elliptic-Modul aufgrund fehlender Überprüfungen und unsachgemäßer Behandlung von BER-codierten Signaturen. 
Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen und weitere Angriffe zu starten.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-42460", }, { cve: "CVE-2024-42461", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM Log Source Management App . Diese Schwachstellen betreffen das Node.js Elliptic-Modul aufgrund fehlender Überprüfungen und unsachgemäßer Behandlung von BER-codierten Signaturen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen und weitere Angriffe zu starten.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-42461", }, { cve: "CVE-2024-47764", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM QRadar SIEM Log Source Management App. Diese Schwachstelle betrifft das jshttp-Cookie aufgrund einer unsachgemäßen Eingabevalidierung von Cookie-Name, -Pfad und -Domäne. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsbeschränkungen zu umgehen und andere Felder des Cookies zu ändern.", }, ], product_status: { known_affected: [ "T040117", ], }, release_date: "2025-01-12T23:00:00.000+00:00", title: "CVE-2024-47764", }, ], }
cve-2024-45801
Vulnerability from cvelistv5
Published
2024-09-16 18:25
Modified
2024-09-16 20:04
Summary
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References
URL | Tags |
---|---|
https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674 | x_refsource_CONFIRM |
https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21 | x_refsource_MISC |
https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45801", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-16T20:04:30.471934Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-16T20:04:47.181Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "DOMPurify", vendor: "cure53", versions: [ { status: "affected", version: "< 2.5.4", }, { status: "affected", version: ">=3.0.0, < 3.1.3", }, ], }, ], descriptions: [ { lang: "en", value: "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. 
There are no known workarounds for this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1333", description: "CWE-1333: Inefficient Regular Expression Complexity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T18:25:28.065Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674", }, { name: "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21", tags: [ "x_refsource_MISC", ], url: "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21", }, { name: "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc", tags: [ "x_refsource_MISC", ], url: "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc", }, ], source: { advisory: "GHSA-mmhx-hmjr-r674", discovery: "UNKNOWN", }, title: "Tampering by prototype polution in DOMPurify", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-45801", datePublished: "2024-09-16T18:25:28.065Z", dateReserved: "2024-09-09T14:23:07.503Z", dateUpdated: "2024-09-16T20:04:47.181Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48948
Vulnerability from cvelistv5
Published
2024-10-15 00:00
Modified
2024-12-20 13:06
Summary
The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:nodejs:elliptic:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "elliptic", vendor: "nodejs", versions: [ { status: "affected", version: "6.5.7", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-48948", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T13:57:37.235007Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-347", description: "CWE-347 Improper Verification of Cryptographic Signature", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-05T18:36:35.085Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-12-20T13:06:45.340Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20241220-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. 
Legitimate transactions or communications may be incorrectly flagged as invalid.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-15T13:21:42.589249", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/indutny/elliptic/pull/322", }, { url: "https://github.com/indutny/elliptic/issues/321", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-48948", datePublished: "2024-10-15T00:00:00", dateReserved: "2024-10-10T00:00:00", dateUpdated: "2024-12-20T13:06:45.340Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-47875
Vulnerability from cvelistv5
Published
2024-10-11 14:59
Modified
2024-10-11 19:27
Summary
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-47875", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T19:27:35.590076Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T19:27:57.706Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "DOMPurify", vendor: "cure53", versions: [ { status: "affected", version: "< 2.5.0", }, { status: "affected", version: "< 3.1.3", }, ], }, ], descriptions: [ { lang: "en", value: "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-11T14:59:27.641Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf", }, { name: "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f", tags: [ "x_refsource_MISC", ], url: "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f", 
}, { name: "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a", tags: [ "x_refsource_MISC", ], url: "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a", }, { name: "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098", tags: [ "x_refsource_MISC", ], url: "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098", }, ], source: { advisory: "GHSA-gx9m-whjm-85jf", discovery: "UNKNOWN", }, title: "DOMPurify nesting-based mXSS", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-47875", datePublished: "2024-10-11T14:59:27.641Z", dateReserved: "2024-10-04T16:00:09.630Z", dateUpdated: "2024-10-11T19:27:57.706Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4068
Vulnerability from cvelistv5
Published
2024-05-13 10:06
Modified
2024-11-06 13:10
Summary
The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js`, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.
References
Impacted products
Vendor | Product | Version |
---|---|---|
micromatch | braces | Version: 0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:micromatch:braces:3.0.3:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "braces", vendor: "micromatch", versions: [ { lessThan: "3.0.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4068", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-13T11:10:08.649102Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-13T20:12:58.696Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:26:57.297Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/micromatch/braces/issues/35", }, { tags: [ "x_transferred", ], url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", }, { tags: [ "x_transferred", ], url: "https://github.com/micromatch/braces/pull/37", }, { tags: [ "x_transferred", ], url: "https://github.com/micromatch/braces/pull/40", }, { tags: [ "x_transferred", ], url: "https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://www.npmjs.com/package/micromatch", defaultStatus: "unknown", packageName: "braces", product: "braces", programFiles: [ "lib/parse.js", ], repo: "https://github.com/micromatch/braces", vendor: "micromatch", versions: [ { changes: [ { at: "3.0.3", status: "unaffected", }, ], lessThanOrEqual: "3.0.2", status: "affected", version: "0", versionType: "git", }, ], }, ], credits: [ { lang: "en", type: "finder", user: 
"00000000-0000-4000-9000-000000000000", value: "Mário Teixeira, Checkmarx Research Group", }, ], datePublic: "2024-05-13T12:44:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div><p>The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.</p></div>", }, ], value: "The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. 
Eventually, the JavaScript heap limit is reached, and the program will crash.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1050", description: "CWE-1050: Excessive Platform Resource Consumption within a Loop", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-06T13:10:11.179Z", orgId: "596c5446-0ce5-4ba2-aa66-48b3b757a647", shortName: "Checkmarx", }, references: [ { url: "https://github.com/micromatch/braces/issues/35", }, { url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", }, { url: "https://github.com/micromatch/braces/pull/37", }, { url: "https://github.com/micromatch/braces/pull/40", }, { url: "https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Update to version 3.0.3 to mitigate the issue.", }, ], value: "Update to version 3.0.3 to mitigate the issue.", }, ], source: { discovery: "UNKNOWN", }, title: "Memory Exhaustion in braces", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "596c5446-0ce5-4ba2-aa66-48b3b757a647", assignerShortName: "Checkmarx", cveId: "CVE-2024-4068", datePublished: "2024-05-13T10:06:38.152Z", dateReserved: "2024-04-23T13:31:17.738Z", dateUpdated: "2024-11-06T13:10:11.179Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43788
Vulnerability from cvelistv5
Published
2024-08-27 17:07
Modified
2025-01-09 17:41
Summary
Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s `AutoPublicPathRuntimeModule`. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Real-world exploitation of this gadget has been observed in the Canvas LMS, where it allows an XSS attack through JavaScript code compiled by Webpack (the vulnerable part is from Webpack). DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markup in the webpage (e.g., through a post or comment) and leverages the gadgets (pieces of JS code) living in the existing JavaScript code to transform it into executable code. This vulnerability can lead to cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or id attributes. This issue has been addressed in release version 5.94.0. All users are advised to upgrade. There are no known workarounds for this issue.
References
URL | Tags |
---|---|
https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986 | x_refsource_CONFIRM |
https://github.com/webpack/webpack/issues/18718#issuecomment-2326296270 | x_refsource_MISC |
https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61 | x_refsource_MISC |
https://research.securitum.com/xss-in-amp4email-dom-clobbering | x_refsource_MISC |
https://scnps.co/papers/sp23_domclob.pdf | x_refsource_MISC |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:webpack:webpack:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "webpack", vendor: "webpack", versions: [ { lessThan: "5.94.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-43788", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-27T18:09:32.950161Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-09T17:41:35.616Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "webpack", vendor: "webpack", versions: [ { status: "affected", version: ">= 5.0.0-alpha.0, < 5.94.0", }, ], }, ], descriptions: [ { lang: "en", value: "Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s `AutoPublicPathRuntimeModule`. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Real-world exploitation of this gadget has been observed in the Canvas LMS which allows a XSS attack to happen through a javascript code compiled by Webpack (the vulnerable part is from Webpack). DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. 
This vulnerability can lead to cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or id attributes. This issue has been addressed in release version 5.94.0. All users are advised to upgrade. There are no known workarounds for this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-03T14:51:39.140Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", }, { name: "https://github.com/webpack/webpack/issues/18718#issuecomment-2326296270", tags: [ "x_refsource_MISC", ], url: "https://github.com/webpack/webpack/issues/18718#issuecomment-2326296270", }, { name: "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61", tags: [ "x_refsource_MISC", ], url: "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61", }, { name: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", tags: [ "x_refsource_MISC", ], url: "https://research.securitum.com/xss-in-amp4email-dom-clobbering", }, { name: "https://scnps.co/papers/sp23_domclob.pdf", tags: [ "x_refsource_MISC", ], url: "https://scnps.co/papers/sp23_domclob.pdf", }, ], 
source: { advisory: "GHSA-4vvj-4cpr-p986", discovery: "UNKNOWN", }, title: "DOM Clobbering Gadget found in Webpack's AutoPublicPathRuntimeModule that leads to Cross-site Scripting (XSS)", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-43788", datePublished: "2024-08-27T17:07:16.285Z", dateReserved: "2024-08-16T14:20:37.323Z", dateUpdated: "2025-01-09T17:41:35.616Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43800
Vulnerability from cvelistv5
Published
2024-09-10 14:50
Modified
2024-09-10 19:08
Summary
serve-static serves static files. serve-static passes untrusted user input, even after sanitizing it, to redirect(), which may execute untrusted code. This issue is patched in serve-static 1.16.0.
Impacted products
Vendor | Product | Version |
---|---|---|
expressjs | serve-static | < 1.16.0; >= 2.0.0, < 2.1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43800", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:07:51.583443Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:08:02.494Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "serve-static", vendor: "expressjs", versions: [ { status: "affected", version: "< 1.16.0", }, { status: "affected", version: ">= 2.0.0, < 2.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T14:50:06.043Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", }, { name: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", tags: [ "x_refsource_MISC", ], url: 
"https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", }, { name: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", tags: [ "x_refsource_MISC", ], url: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", }, ], source: { advisory: "GHSA-cm22-4g7w-348p", discovery: "UNKNOWN", }, title: "serve-static affected by template injection that can lead to XSS", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-43800", datePublished: "2024-09-10T14:50:06.043Z", dateReserved: "2024-08-16T14:20:37.326Z", dateUpdated: "2024-09-10T19:08:02.494Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4067
Vulnerability from cvelistv5
Published
2024-05-13 10:04
Modified
2024-09-17 19:47
Summary
The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.
Impacted products
Vendor | Product | Version |
---|---|---|
micromatch | micromatch | 0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:micromatch:micromatch:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "micromatch", vendor: "micromatch", versions: [ { lessThan: "4.0.8", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4067", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-13T16:30:13.286431Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T19:47:41.783Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:26:57.389Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448", }, { tags: [ "x_transferred", ], url: "https://github.com/micromatch/micromatch/issues/243", }, { tags: [ "x_transferred", ], url: "https://github.com/micromatch/micromatch/pull/247", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://www.npmjs.com/package/micromatch", defaultStatus: "unaffected", packageName: "micromatch", product: "micromatch", programFiles: [ "index.js", ], programRoutines: [ { name: "micromatch.braces = (pattern, options) =>", }, ], repo: "https://github.com/micromatch/micromatch", vendor: "micromatch", versions: [ { lessThan: "4.0.8", status: "affected", version: "0", versionType: "cpe", }, { status: "unaffected", version: "4.0.8", versionType: "cpe", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Mário Teixeira, Checkmarx Research Group", }, ], 
datePublic: "2024-05-13T12:44:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.</span><br>", }, ], value: "The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. 
This issue was fixed in version 4.0.8.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1333", description: "CWE-1333: Inefficient Regular Expression Complexity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-27T23:25:14.519Z", orgId: "596c5446-0ce5-4ba2-aa66-48b3b757a647", shortName: "Checkmarx", }, references: [ { url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/", }, { url: "https://github.com/micromatch/micromatch/pull/266", }, { url: "https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade", }, { url: "https://github.com/micromatch/micromatch/releases/tag/4.0.8", }, { url: "https://advisory.checkmarx.net/advisory/CVE-2024-4067/", }, ], source: { discovery: "UNKNOWN", }, title: "Regular Expression Denial of Service in micromatch", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "596c5446-0ce5-4ba2-aa66-48b3b757a647", assignerShortName: "Checkmarx", cveId: "CVE-2024-4067", datePublished: "2024-05-13T10:04:42.886Z", dateReserved: "2024-04-23T13:31:13.656Z", dateUpdated: "2024-09-17T19:47:41.783Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-47068
Vulnerability from cvelistv5
Published
2024-09-23 15:26
Modified
2024-10-29 15:16
Summary
Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Versions 2.79.2, 3.29.5, and 4.22.4 contain a patch for the vulnerability.
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:rollup:rollup:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "rollup", vendor: "rollup", versions: [ { lessThan: "3.29.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "4.22.4", status: "affected", version: "4.0.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-47068", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-23T15:47:09.301929Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-23T15:53:25.040Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "rollup", vendor: "rollup", versions: [ { status: "affected", version: ">= 3.0.0, < 3.29.5", }, { status: "affected", version: ">= 4.0.0, < 4.22.4", }, { status: "affected", version: "< 2.79.2", }, ], }, ], descriptions: [ { lang: "en", value: "Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. 
Versions 2.79.2, 3.29.5, and 4.22.4 contain a patch for the vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T15:16:32.075Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", }, { name: "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4", tags: [ "x_refsource_MISC", ], url: "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4", }, { name: "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541", tags: [ "x_refsource_MISC", ], url: "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541", }, { name: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162", tags: [ "x_refsource_MISC", ], url: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162", }, { name: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185", tags: [ "x_refsource_MISC", ], url: "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185", 
}, ], source: { advisory: "GHSA-gcx4-mw62-g8wm", discovery: "UNKNOWN", }, title: "DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-47068", datePublished: "2024-09-23T15:26:09.313Z", dateReserved: "2024-09-17T17:42:37.029Z", dateUpdated: "2024-10-29T15:16:32.075Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42459
Vulnerability from cvelistv5
Published
2024-08-02 00:00
Modified
2024-08-02 15:05
Summary
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:elliptic_project:elliptic:6.5.6:*:*:*:*:node.js:*:*", ], defaultStatus: "unknown", product: "elliptic", vendor: "elliptic_project", versions: [ { status: "affected", version: "6.5.6", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-42459", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-02T14:59:10.365958Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-347", description: "CWE-347 Improper Verification of Cryptographic Signature", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-02T15:05:48.384Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-02T07:08:53.551383", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/indutny/elliptic/pull/317", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-42459", datePublished: 
"2024-08-02T00:00:00", dateReserved: "2024-08-02T00:00:00", dateUpdated: "2024-08-02T15:05:48.384Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48949
Vulnerability from cvelistv5
Published
2024-10-10 00:00
Modified
2024-12-27 16:03
Summary
The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48949", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-10T20:20:12.636633Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-10T20:21:18.400Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-12-27T16:03:06.432Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20241227-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits \"sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()\" validation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-10T00:26:01.524136", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281", }, { url: "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-48949", datePublished: "2024-10-10T00:00:00", dateReserved: "2024-10-10T00:00:00", dateUpdated: "2024-12-27T16:03:06.432Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45590
Vulnerability from cvelistv5
Published
2024-09-10 15:54
Modified
2024-09-10 18:47
Summary
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.
References
URL | Tags |
---|---|
https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7 | x_refsource_CONFIRM |
https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
expressjs | body-parser | < 1.20.3 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:expressjs:body-parser:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "body-parser", vendor: "expressjs", versions: [ { lessThan: "1.20.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45590", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T18:42:41.773305Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T18:47:22.965Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "body-parser", vendor: "expressjs", versions: [ { status: "affected", version: "< 1.20.3", }, ], }, ], descriptions: [ { lang: "en", value: "body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. 
This issue is patched in 1.20.3.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-405", description: "CWE-405: Asymmetric Resource Consumption (Amplification)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T15:54:02.330Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", }, { name: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", tags: [ "x_refsource_MISC", ], url: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", }, ], source: { advisory: "GHSA-qwcr-r2fm-qrc7", discovery: "UNKNOWN", }, title: "body-parser vulnerable to denial of service when url encoding is enabled", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-45590", datePublished: "2024-09-10T15:54:02.330Z", dateReserved: "2024-09-02T16:00:02.422Z", dateUpdated: "2024-09-10T18:47:22.965Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42461
Vulnerability from cvelistv5
Published
2024-08-02 00:00
Modified
2024-08-07 18:33
Summary
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:elliptic_project:elliptic:6.5.6:*:*:*:*:node.js:*:*", ], defaultStatus: "unknown", product: "elliptic", vendor: "elliptic_project", versions: [ { status: "affected", version: "6.5.6", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-42461", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-07T18:28:40.396125Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-347", description: "CWE-347 Improper Verification of Cryptographic Signature", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-07T18:33:09.133Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-02T07:08:26.577444", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/indutny/elliptic/pull/317", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-42461", datePublished: "2024-08-02T00:00:00", dateReserved: "2024-08-02T00:00:00", 
dateUpdated: "2024-08-07T18:33:09.133Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-55565
Vulnerability from cvelistv5
Published
2024-12-09 00:00
Modified
2024-12-12 18:50
Summary
nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-55565", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-12T17:19:45.458962Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-835", description: "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-12T18:50:58.526Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-09T01:18:23.874121", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/ai/nanoid/pull/510", }, { url: "https://github.com/ai/nanoid/releases/tag/5.0.9", }, { url: "https://github.com/ai/nanoid/compare/3.3.7...3.3.8", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-55565", datePublished: "2024-12-09T00:00:00", dateReserved: "2024-12-09T00:00:00", dateUpdated: "2024-12-12T18:50:58.526Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21538
Vulnerability from cvelistv5
Published
2024-11-08 05:00
Modified
2025-01-09 17:09
Summary
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
References
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | cross-spawn | Version: 0 ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:cross-spawn:cross-spawn:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cross-spawn", vendor: "cross-spawn", versions: [ { lessThan: "7.0.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-21538", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T14:54:27.777922Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-09T17:09:15.832Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "cross-spawn", vendor: "n/a", versions: [ { lessThan: "7.0.5", status: "affected", version: "0", versionType: "semver", }, ], }, { product: "org.webjars.npm:cross-spawn", vendor: "n/a", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", value: "Rongchen Li", }, ], descriptions: [ { lang: "en", value: "Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. 
An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1333", description: "Regular Expression Denial of Service (ReDoS)", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-19T13:51:33.911Z", orgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", shortName: "snyk", }, references: [ { url: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", }, { url: "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8366349", }, { url: "https://github.com/moxystudio/node-cross-spawn/pull/160", }, { url: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", }, { url: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", }, ], }, }, cveMetadata: { assignerOrgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", assignerShortName: "snyk", cveId: "CVE-2024-21538", datePublished: "2024-11-08T05:00:04.695Z", dateReserved: "2023-12-22T12:33:20.123Z", dateUpdated: "2025-01-09T17:09:15.832Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21536
Vulnerability from cvelistv5
Published
2024-10-19 05:00
Modified
2024-10-21 16:31
Summary
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
References
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | http-proxy-middleware | Version: 0 ≤ Version: 3.0.0 ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "http-proxy-middleware", vendor: "chimurai", versions: [ { lessThan: "2.0.7", status: "affected", version: "0", versionType: "semver", }, { lessThan: "3.0.3", status: "affected", version: "3.0.0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-21536", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-21T15:20:45.568615Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-21T16:31:29.125Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "http-proxy-middleware", vendor: "n/a", versions: [ { lessThan: "2.0.7", status: "affected", version: "0", versionType: "semver", }, { lessThan: "3.0.3", status: "affected", version: "3.0.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", value: "Marc Hassan", }, ], descriptions: [ { lang: "en", value: "Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. 
An attacker could kill the Node.js process and crash the server by making requests to certain paths.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "Denial of Service (DoS)", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-21T11:22:36.064Z", orgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", shortName: "snyk", }, references: [ { url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, { url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, ], }, }, cveMetadata: { assignerOrgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", assignerShortName: "snyk", cveId: "CVE-2024-21536", datePublished: "2024-10-19T05:00:04.056Z", dateReserved: "2023-12-22T12:33:20.123Z", dateUpdated: "2024-10-21T16:31:29.125Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33883
Vulnerability from cvelistv5
Published
2024-04-28 00:00
Modified
2024-08-02 02:42
Summary
The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33883", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-29T17:22:05.915082Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-693", description: "CWE-693 Protection Mechanism Failure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-30T15:23:09.472Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:42:59.934Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/mde/ejs/commit/e469741dca7df2eb400199e1cdb74621e3f89aa5", }, { tags: [ "x_transferred", ], url: "https://github.com/mde/ejs/compare/v3.1.9...v3.1.10", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240605-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-10T16:12:59.897713", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: 
"https://github.com/mde/ejs/commit/e469741dca7df2eb400199e1cdb74621e3f89aa5", }, { url: "https://github.com/mde/ejs/compare/v3.1.9...v3.1.10", }, { url: "https://security.netapp.com/advisory/ntap-20240605-0003/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33883", datePublished: "2024-04-28T00:00:00", dateReserved: "2024-04-28T00:00:00", dateUpdated: "2024-08-02T02:42:59.934Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37890
Vulnerability from cvelistv5
Published
2024-06-17 19:09
Modified
2024-08-02 03:57
Summary
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied.
References
URL | Tags |
---|---|
https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q | x_refsource_CONFIRM |
https://github.com/websockets/ws/issues/2230 | x_refsource_MISC |
https://github.com/websockets/ws/pull/2231 | x_refsource_MISC |
https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f | x_refsource_MISC |
https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e | x_refsource_MISC |
https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c | x_refsource_MISC |
https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63 | x_refsource_MISC |
https://nodejs.org/api/http.html#servermaxheaderscount | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
websockets | ws | Version: >= 2.1.0, < 5.2.4 Version: >= 6.0.0, < 6.2.3 Version: >= 7.0.0, < 7.5.10 Version: >= 8.0.0, < 8.17.1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ws", vendor: "websockets", versions: [ { status: "affected", version: "2.1.0", }, ], }, { cpes: [ "cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ws", vendor: "websockets", versions: [ { lessThan: "5.2.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ws", vendor: "websockets", versions: [ { status: "affected", version: "6.0.0", }, ], }, { cpes: [ "cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ws", vendor: "websockets", versions: [ { lessThan: "6.2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ws", vendor: "websockets", versions: [ { status: "affected", version: "7.0.0", }, ], }, { cpes: [ "cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ws", vendor: "websockets", versions: [ { lessThan: "7.5.10", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ws", vendor: "websockets", versions: [ { status: "affected", version: "8.0.0", }, ], }, { cpes: [ "cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ws", vendor: "websockets", versions: [ { lessThan: "8.17.1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-37890", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-18T13:25:45.808140Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-18T13:44:06.402Z", orgId: 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:57:40.022Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q", }, { name: "https://github.com/websockets/ws/issues/2230", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/websockets/ws/issues/2230", }, { name: "https://github.com/websockets/ws/pull/2231", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/websockets/ws/pull/2231", }, { name: "https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f", }, { name: "https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e", }, { name: "https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c", }, { name: "https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63", }, { name: "https://nodejs.org/api/http.html#servermaxheaderscount", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://nodejs.org/api/http.html#servermaxheaderscount", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ws", vendor: "websockets", versions: [ 
{ status: "affected", version: ">= 2.1.0, < 5.2.4", }, { status: "affected", version: ">= 6.0.0, < 6.2.3", }, { status: "affected", version: ">= 7.0.0, < 7.5.10", }, { status: "affected", version: ">= 8.0.0, < 8.17.1", }, ], }, ], descriptions: [ { lang: "en", value: "ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-17T19:09:02.127Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q", }, { name: "https://github.com/websockets/ws/issues/2230", tags: [ "x_refsource_MISC", ], url: "https://github.com/websockets/ws/issues/2230", }, { name: "https://github.com/websockets/ws/pull/2231", tags: [ 
"x_refsource_MISC", ], url: "https://github.com/websockets/ws/pull/2231", }, { name: "https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f", tags: [ "x_refsource_MISC", ], url: "https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f", }, { name: "https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e", tags: [ "x_refsource_MISC", ], url: "https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e", }, { name: "https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c", tags: [ "x_refsource_MISC", ], url: "https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c", }, { name: "https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63", tags: [ "x_refsource_MISC", ], url: "https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63", }, { name: "https://nodejs.org/api/http.html#servermaxheaderscount", tags: [ "x_refsource_MISC", ], url: "https://nodejs.org/api/http.html#servermaxheaderscount", }, ], source: { advisory: "GHSA-3h5v-q93c-6h6q", discovery: "UNKNOWN", }, title: "Denial of service when handling a request with many HTTP headers in ws", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-37890", datePublished: "2024-06-17T19:09:02.127Z", dateReserved: "2024-06-10T19:54:41.360Z", dateUpdated: "2024-08-02T03:57:40.022Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42460
Vulnerability from cvelistv5
Published
2024-08-02 00:00
Modified
2024-08-02 15:06
Summary
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:elliptic_project:elliptic:6.5.6:*:*:*:*:node.js:*:*", ], defaultStatus: "unknown", product: "elliptic", vendor: "elliptic_project", versions: [ { status: "affected", version: "6.5.6", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-42460", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-02T15:06:17.742511Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-130", description: "CWE-130 Improper Handling of Length Parameter Inconsistency", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-02T15:06:20.404Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-02T07:08:40.177526", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/indutny/elliptic/pull/317", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-42460", datePublished: "2024-08-02T00:00:00", 
dateReserved: "2024-08-02T00:00:00", dateUpdated: "2024-08-02T15:06:20.404Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45296
Vulnerability from cvelistv5
Published
2024-09-09 19:07
Modified
2025-01-24 20:03
Summary
path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.
References
Impacted products
Vendor | Product | Version |
---|---|---|
pillarjs | path-to-regexp | Version: < 0.1.10 Version: >= 0.2.0, < 8.0.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "path-to-regexp", vendor: "pillarjs", versions: [ { lessThan: "0.1.0", status: "affected", version: "0", versionType: "custom", }, { lessThan: "8.0.0", status: "affected", version: "0.2.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45296", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-09T19:32:57.513942Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-09T19:38:12.783Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-01-24T20:03:07.723Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20250124-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "path-to-regexp", vendor: "pillarjs", versions: [ { status: "affected", version: "< 0.1.10", }, { status: "affected", version: ">= 0.2.0, < 8.0.0", }, ], }, ], descriptions: [ { lang: "en", value: "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. 
All other users should upgrade to 8.0.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1333", description: "CWE-1333: Inefficient Regular Expression Complexity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-09T19:07:40.313Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", }, { name: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", tags: [ "x_refsource_MISC", ], url: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", }, { name: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", tags: [ "x_refsource_MISC", ], url: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", }, ], source: { advisory: "GHSA-9wv6-86v2-598j", discovery: "UNKNOWN", }, title: "path-to-regexp outputs backtracking regular expressions", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-45296", datePublished: "2024-09-09T19:07:40.313Z", dateReserved: "2024-08-26T18:25:35.442Z", dateUpdated: "2025-01-24T20:03:07.723Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52798
Vulnerability from cvelistv5
Published
2024-12-05 22:45
Modified
2025-01-24 20:03
Summary
path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296.
References
URL | Tags |
---|---|
https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w | x_refsource_CONFIRM |
https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
pillarjs | path-to-regexp | Version: < 0.1.12 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "path-to-regexp", vendor: "pillarjs", versions: [ { lessThan: "0.1.12", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52798", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-09T14:53:29.827845Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-09T14:54:43.939Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-01-24T20:03:11.852Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20250124-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "path-to-regexp", vendor: "pillarjs", versions: [ { status: "affected", version: "< 0.1.12", }, ], }, ], descriptions: [ { lang: "en", value: "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. 
This vulnerability exists because of an incomplete fix for CVE-2024-45296.", }, ], metrics: [ { cvssV4_0: { attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 7.7, baseSeverity: "HIGH", privilegesRequired: "NONE", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1333", description: "CWE-1333: Inefficient Regular Expression Complexity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-05T22:45:42.774Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w", }, { name: "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4", tags: [ "x_refsource_MISC", ], url: "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4", }, ], source: { advisory: "GHSA-rhx6-c78j-4q9w", discovery: "UNKNOWN", }, title: "path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-52798", datePublished: "2024-12-05T22:45:42.774Z", dateReserved: "2024-11-15T17:11:13.440Z", dateUpdated: "2025-01-24T20:03:11.852Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43796
Vulnerability from cvelistv5
Published
2024-09-10 14:36
Modified
2024-09-10 15:58
Summary
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
References
| URL | Tags |
|---|---|
| https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx | x_refsource_CONFIRM |
| https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43796", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T15:58:36.256748Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T15:58:45.956Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "express", vendor: "expressjs", versions: [ { status: "affected", version: "< 4.20.0", }, { status: "affected", version: ">= 5.0.0-alpha.1, < 5.0.0", }, ], }, ], descriptions: [ { lang: "en", value: "Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T14:36:27.380Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", }, { name: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", tags: [ "x_refsource_MISC", ], url: 
"https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", }, ], source: { advisory: "GHSA-qw6h-vgh9-j6wx", discovery: "UNKNOWN", }, title: "express vulnerable to XSS via response.redirect()", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-43796", datePublished: "2024-09-10T14:36:27.380Z", dateReserved: "2024-08-16T14:20:37.325Z", dateUpdated: "2024-09-10T15:58:45.956Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-47764
Vulnerability from cvelistv5
Published
2024-10-04 19:09
Modified
2024-10-04 20:14
Summary
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain.
References
| URL | Tags |
|---|---|
| https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x | x_refsource_CONFIRM |
| https://github.com/jshttp/cookie/pull/167 | x_refsource_MISC |
| https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c | x_refsource_MISC |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-47764", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-04T20:14:41.037183Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-04T20:14:56.059Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "cookie", vendor: "jshttp", versions: [ { status: "affected", version: "< 0.7.0", }, ], }, ], descriptions: [ { lang: "en", value: "cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain.", }, ], metrics: [ { cvssV4_0: { attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 6.9, baseSeverity: "MEDIUM", privilegesRequired: "NONE", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-74", description: "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-04T19:09:46.640Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x", tags: [ "x_refsource_CONFIRM", ], url: 
"https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x", }, { name: "https://github.com/jshttp/cookie/pull/167", tags: [ "x_refsource_MISC", ], url: "https://github.com/jshttp/cookie/pull/167", }, { name: "https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c", tags: [ "x_refsource_MISC", ], url: "https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c", }, ], source: { advisory: "GHSA-pxg6-pf52-xh8x", discovery: "UNKNOWN", }, title: "cookie accepts cookie name, path, and domain with out of bounds characters", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-47764", datePublished: "2024-10-04T19:09:46.640Z", dateReserved: "2024-09-30T21:28:53.231Z", dateUpdated: "2024-10-04T20:14:56.059Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43799
Vulnerability from cvelistv5
Published
2024-09-10 14:45
Modified
2024-09-10 19:34
Summary
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
References
| URL | Tags |
|---|---|
| https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg | x_refsource_CONFIRM |
| https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35 | x_refsource_MISC |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43799", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:34:08.487499Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:34:18.557Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "send", vendor: "pillarjs", versions: [ { status: "affected", version: "< 0.19.0", }, ], }, ], descriptions: [ { lang: "en", value: "Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T14:45:06.761Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", }, { name: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", tags: [ "x_refsource_MISC", ], url: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", }, ], source: { advisory: 
"GHSA-m6fv-jmcg-4jfg", discovery: "UNKNOWN", }, title: "send vulnerable to template injection that can lead to XSS", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-43799", datePublished: "2024-09-10T14:45:06.761Z", dateReserved: "2024-08-16T14:20:37.326Z", dateUpdated: "2024-09-10T19:34:18.557Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.