GitHub Advisory DatabaseGHSA-MP3G-VPM9-9VQV@fastly/js-compute has a use-after-free in some host call implementations
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Impact
The implementation of the following functions were determined to include a use-after-free bug:
FetchEvent.client.tlsCipherOpensslNameFetchEvent.client.tlsProtocolFetchEvent.client.tlsClientCertificateFetchEvent.client.tlsJA3MD5FetchEvent.client.tlsClientHelloCacheEntry.prototype.userMetadataof thefastly:cachesubsystemDevice.lookupof thefastly:devicesubsystem
This bug could allow for an unintended data leak if the result of the preceding functions were sent anywhere else, and often results in a Compute service crash causing an HTTP 500 error to be returned. As all requests to Compute are isolated from one another, the only data at risk is data present for a single request.
Patches
This bug has been fixed in version 3.16.0 of the @fastly/js-compute package.
Workarounds
There are no workarounds for this bug, any use of the affected functions introduces the possibility of a data leak or crash in guest code.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| @fastly/js-compute | lt | 3.16.0 |
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%