PT-2024-18935 · Unknown · @Discordjs/Opus
Alessio Della Libera
·
Published
2024-07-10
·
Updated
2024-07-11
·
CVE-2024-21521
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
@discordjs/opus versions all
Description
The issue is related to a Denial of Service (DoS) condition that can occur when an input object with a
toString property is provided to several different functions. This can lead to a system or process crash.Recommendations
As a temporary workaround, consider restricting the input to functions to prevent objects with a
toString property from being processed until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Resource Exhaustion
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
@Discordjs/Opus