PT-2019-11492 · Jsish · Jsish
Publicado
2019-07-25
·
Atualizado
2019-08-01
·
CVE-2019-1010172
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Jsish version 2.4.84
Description:
The issue is related to Uncontrolled Resource Consumption, which can lead to a denial of service. It is caused by executing crafted JavaScript code, specifically affecting the
jsiValueGetString function in jsiUtils.c.Recommendations:
For Jsish version 2.4.84, update to a version after commit f3a8096e0ce44bbf36c1dcb6e603adf9c8670c39 to resolve the issue. As a temporary workaround, consider restricting the execution of crafted JavaScript code to minimize the risk of exploitation.
Correção
Resource Exhaustion
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Jsish