Lucene search

TenableVULNRICHMENT:CVE-2024-1899

HistoryFeb 26, 2024 - 6:45 p.m.

CVE-2024-1899 Showdownjs Denial of Service

2024-02-2618:45:23

tenable

github.com

cve-2024-1899

showdownjs

denial of service

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

6.8

Confidence

High

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

partial

JSON

An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker to cause denial of service conditions.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:showdownjs:showdown:*:*:*:*:*:*:*:*"
    ],
    "vendor": "showdownjs",
    "product": "showdown",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "2.1.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.tenable.com/security/research/tra-2024-05

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

6.8

Confidence

High

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-1899