CVE-2024-21539
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
Summary
Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | @eslint/plugin-kit | 0 < 0.2.3 | affected |
Weaknesses
- CWE-1333: Regular Expression Denial of Service (ReDoS)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://security.snyk.io/vuln/SNYK-JS-ESLINTPLUGINKIT-8340627
- https://github.com/eslint/rewrite/commit/071be842f0bd58de4863cdf2ab86d60f49912abf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.