CVE-2024-39249 – nodejs-async: Regular expression denial of service while parsing function in autoinject
https://notcve.org/view.php?id=CVE-2024-39249
Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing a function in the autoinject function. ... A Regular Expression Denial of Service (ReDoS) attack can potentially be triggered via the autoinject function while parsing specially crafted input. • https://github.com/zunak/CVE-2024-39249 https://github.com/caolan/async/blob/v3.2.5/lib/autoInject.js#L41 https://github.com/caolan/async/blob/v3.2.5/lib/autoInject.js#L6 https://github.com/caolan/async/issues/1975#issuecomment-2204528153 https://github.com/zunak/CVE-2024-39249/issues/1 https://access.redhat.com/security/cve/CVE-2024-39249 https://bugzilla.redhat.com/show_bug.cgi?id=2295035 • CWE-1333: Inefficient Regular Expression Complexity
CVE-2024-39008
https://notcve.org/view.php?id=CVE-2024-39008
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/f09a507c8d59fbbb7fd40880cd9b87ed • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2024-39002
https://notcve.org/view.php?id=CVE-2024-39002
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/9a2b522d59c53f31f45c1edb96459693 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-39013
https://notcve.org/view.php?id=CVE-2024-39013
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/a2be744675af5ece3240c19fd04fc5e1 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2024-39853
https://notcve.org/view.php?id=CVE-2024-39853
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/840f5d160aab4151bd0451cfb822e6b5 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')