Vulnerability Description
All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/TooTallNate/node-speaker/blob/316afff5a393fce438cf7296011fcfc
- https://security.snyk.io/vuln/SNYK-JS-SPEAKER-6370676
- https://github.com/TooTallNate/node-speaker/blob/316afff5a393fce438cf7296011fcfc
- https://security.snyk.io/vuln/SNYK-JS-SPEAKER-6370676
FAQ
What is CVE-2024-21526?
CVE-2024-21526 is a vulnerability with a CVSS score of 7.5 (HIGH). All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert ...
How severe is CVE-2024-21526?
CVE-2024-21526 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-21526?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.