We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-21539



Description

Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability.

Reserved 2023-12-22 | Published 2024-11-19 | Updated 2024-11-19 | Assigner snyk


HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

Problem types

Regular Expression Denial of Service (ReDoS)

Credits

Rongchen Li

References

security.snyk.io/vuln/SNYK-JS-ESLINTPLUGINKIT-8340627

github.com/...ommit/071be842f0bd58de4863cdf2ab86d60f49912abf

cve.org (CVE-2024-21539)

nvd.nist.gov (CVE-2024-21539)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-21539

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.