CVE-2024-21539

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 19, 2024
CWE ID 1333 (Inefficient Regular Expression Complexity)
CWE ID 770 (Allocation of Resources Without Limits or Throttling)

Summary

CVE-2024-21539 is a newly disclosed vulnerability affecting versions of the package @eslint/plugin-kit prior to 0.2.3. This issue exposes the software to a Regular Expression Denial of Service (ReDoS) attack due to insufficient input sanitization. An attacker can craft a malicious input that triggers an infinite loop in the regular expression engine, resulting in excessive CPU usage and a potential program crash. This vulnerability poses a significant risk to applications that use the affected package and could lead to denial-of-service conditions. Update to @eslint/plugin-kit 0.2.3 or later to mitigate this threat.

