CVE-2024-21539
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-21539 is a newly disclosed vulnerability affecting versions of the package @eslint/plugin-kit prior to 0.2.3. The issue exposes the software to a Regular Expression Denial of Service (ReDoS) attack due to insufficient input sanitization. An attacker can craft a malicious input that triggers an infinite loop in the regular expression engine, resulting in excessive CPU usage and a potential program crash. This vulnerability poses a significant risk to applications that use the affected package and could lead to denial-of-service conditions. Update to @eslint/plugin-kit 0.2.3 or later to mitigate this threat.
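A practical first step for defenders is to confirm whether an affected version is actually installed. The following is an added example, not part of the advisory or of the @eslint/plugin-kit project: it walks the `packages` map of a parsed `package-lock.json` (lockfile version 2 or 3 layout is assumed) and reports every install of @eslint/plugin-kit older than the fixed release 0.2.3. The lockfile contents below are constructed for illustration.

```javascript
// Added example (not from the advisory): flag @eslint/plugin-kit installs
// below the fixed version 0.2.3 in an npm lockfile (lockfileVersion 2/3 layout assumed).
const AFFECTED_PACKAGE = '@eslint/plugin-kit';
const FIXED_VERSION = '0.2.3';

// Compare dotted numeric versions; returns -1, 0 or 1. Pre-release suffixes
// are stripped first (assumption: the lockfile pins plain release versions).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Walk every install path in the lockfile's "packages" map (direct and
// nested copies alike) and return those whose version predates the fix.
function findVulnerableInstalls(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/' + AFFECTED_PACKAGE)) continue;
    if (meta.version && compareVersions(meta.version, FIXED_VERSION) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: one direct install that is affected and one
// nested copy under eslint that already carries the fixed version.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@eslint/plugin-kit': { version: '0.2.2' },
    'node_modules/eslint/node_modules/@eslint/plugin-kit': { version: '0.2.3' },
  },
};

for (const hit of findVulnerableInstalls(SAMPLE_LOCK)) {
  console.log(`${hit.path}: ${hit.version} < ${FIXED_VERSION}, update (CVE-2024-21539)`);
}
```

To audit a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; a clean run prints nothing.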