CVE-2024-9506

CVSS 3.1 Score 3.7 of 10 (low)

Details

Published Oct 15, 2024

Updated: Oct 16, 2024

CWE ID 1333

Summary

CVE-2024-9506 is a newly disclosed vulnerability affecting Vue's parseHTML function. This issue arises due to an improper handling of regular expressions in the parseHTML function, which could potentially result in a regular expression denial of service (ReDoS) attack. An attacker could craft a specially crafted regular expression pattern to cause the function to consume excessive system resources, leading to a denial of service condition. Developers using Vue are advised to update to the latest version of the library to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Vue.js

Affected Vendors

Vue.js

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/zLz55F
https://www.cve.org/CVERecord?id=CVE-2024-9506
https://nvd.nist.gov/vuln/detail/CVE-2024-9506

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners