CVE-2024-27088

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions es5-ext versions prior to 0.10.63

Description The issue is related to the es5-ext package, which contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into function#copy or function#toStringTokens may cause the script to stall. This can lead to a denial of service.

Recommendations For versions prior to 0.10.63, update to version 0.10.63 or later to resolve the issue. As a temporary workaround, consider refraining from using the function#copy and function#toStringTokens utilities until a patch is applied.

Exploit

Fix

Resource Exhaustion

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-1333

Related Identifiers

BDU:2024-06866

CVE-2024-27088

GHSA-4GMJ-3P3H-GM8H

Affected Products

Astra Linux

Debian

Red Os

Es5-Ext

CVE-2024-27088

Weakness Enumeration

Related Identifiers

Affected Products

References · 21