8 matches found
ROOT-APP-NPM-CVE-2026-24001 CVE-2026-24001 in @rootio/diff - Patched by Root
Root has patched CVE-2026-24001 in the @rootio/diff package for Root:npm. Multiple fixed versions available...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-24001)
Summary IBM Security SOAR uses an older version of the jsdiff component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.0 Vulnerability Details CVEID:CVE-2026-24001 DESCRIPTION: jsdiff ...
CVE-2026-24001 vulnerabilities
Vulnerabilities for packages: ts-patch, grafana, saf, renovate, npm, prism, thingsboard, tileserver-gl, vitess, argo-workflows, sqlpad, langfuse...
CVE-2026-24001 jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch
jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...
Linux Distros Unpatched Vulnerability : CVE-2026-24001
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers...
01-numacert (>=1.0.0 <=3.0.0), 101 (>=0.3.0 <=0.7.1) +22904 more potentially affected by CVE-2026-24001 via diff (>=1.0.1 <=3.5.0)
diff NPM version =1.0.1, =1.0.0, =0.3.0, =0.0.15, =1.0.4, =5.4.4, =5.4.4, =2.2.1, =1.1.8, =1.0.0, =1.0.0, =2.0.0, =0.1.0, =0.0.97, =0.0.981 and more Source cves: CVE-2026-24001 Source advisory: OSV:GHSA-73RR-HH4G-FPGX...
02.aula (=1.0.0), 19json-validator (>=0.0.3 <=0.0.4) +3291 more potentially affected by CVE-2026-24001 via diff (>=5.0.0 <=5.2.0)
diff NPM version =5.0.0, =0.0.3, =0.0.1, =0.1.23, =0.1.4, =1.0.0, =1.0.7, =10.4.0, =9.0.0, =10.0.0, =10.0.0, =10.6.0 and more Source cves: CVE-2026-24001 Source advisory: OSV:GHSA-73RR-HH4G-FPGX...
0g-serving-broker (=0.1.0), 10x-cli (=0.0.7) +3297 more potentially affected by CVE-2026-24001 via diff (>=6.0.0 <=8.0.2)
diff NPM version =6.0.0, =0.1.0, =1.0.0, =0.5.0, =0.1.1, =0.1.1, =0.1.1, =0.1.8, =0.1.5, =1.0.0, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =1.0.11, =1.7.0 and more Source cves: CVE-2026-24001 Source advisory: SNYK:JS-DIFF-14917201...