Lucene search

[email protected]CVE-2024-38375

HistoryJun 26, 2024 - 7:15 p.m.

CVE-2024-38375

2024-06-2619:15:13

CWE-416

[email protected]

web.nvd.nist.gov

javascript

fastly compute

data loss

bug

version 3.16.0

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions were determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and often results in a guest trap causing services to return a 500. This bug has been fixed in version 3.16.0 of the @fastly/js-compute package.

Affected configurations

Vulners

Node

fastlyjs-computeRange3.0.0–3.16.0

CNA Affected

[
  {
    "vendor": "fastly",
    "product": "js-compute-runtime",
    "versions": [
      {
        "version": ">= 3.0.0, < 3.16.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861b8fa8d9ff5d3

github.com/fastly/js-compute-runtime/security/advisories/GHSA-mp3g-vpm9-9vqv

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-38375

osv2 github1 nvd1 cvelist1