Lucene search

TenableCVELIST:CVE-2024-1899

HistoryFeb 26, 2024 - 6:45 p.m.

CVE-2024-1899 Showdownjs Denial of Service

2024-02-2618:45:23

tenable

www.cve.org

showdownjs

anchor

subparser

vulnerability

denial of service

remote attacker

conditions

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

Percentile

9.0%

JSON

An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker to cause denial of service conditions.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Showdown",
    "repo": "https://github.com/showdownjs/showdown",
    "vendor": "Showdownjs",
    "versions": [
      {
        "lessThanOrEqual": "2.1.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.tenable.com/security/research/tra-2024-05

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-1899