6 matches found
CVE-2024-39249
A flaw was found in the async Node.js package. A Regular expression Denial of Service ReDoS attack can potentially be triggered via the autoinject function while parsing specially crafted input...
CVE-2024-39249
Async = 2.6.4 and = 3.2.5 are vulnerable to ReDoS Regular Expression Denial of Service while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input...
UBUNTU-CVE-2024-39249
Async = 2.6.4 and = 3.2.5 are vulnerable to ReDoS Regular Expression Denial of Service while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input...
CVE-2024-39249
Async = 2.6.4 and = 3.2.5 are vulnerable to ReDoS Regular Expression Denial of Service while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input...
PT-2024-28409 · Async · Async
Name of the Vulnerable Software and Affected Versions: Async versions 2.6.4 and earlier, Async versions 3.2.5 and earlier Description: The issue concerns a ReDoS Regular Expression Denial of Service vulnerability while parsing a function in the autoinject function. It is noted that the supplier...
CVE-2024-39249
Async = 2.6.4 and = 3.2.5 are vulnerable to ReDoS Regular Expression Denial of Service while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input...