CVE-2024-43357
CVSS 3.1 Score 8.6 of 10 (high)
Details
Summary
CVE-2024-43357 is a vulnerability in the async generator portion of the ECMAScript (JavaScript) specification. Introduced by a May 2021 refactor, the issue allows IteratorResult objects to be misinterpreted: they can become thenable and trigger arbitrary behavior. This can violate internal invariants and raise security concerns such as type confusion and pointer dereference. The issue has been addressed in the latest ECMAScript specification, but JavaScript engine implementors still need to update their implementations to comply with the `AsyncGenerator` section. (References: [1], [2], [3], [4], [5], [6])
Affected Products
- ECMA-262