Vulnerability Description
es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.
CVSS Score
NONE
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Medikoo | Es5-Ext | >= 0.10.0, < 0.10.63 |
Related Weaknesses (CWE)
References
- https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8Patch
- https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e2946Patch
- https://github.com/medikoo/es5-ext/issues/201ExploitIssue Tracking
- https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8hPatchVendor Advisory
- https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8Patch
- https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e2946Patch
- https://github.com/medikoo/es5-ext/issues/201ExploitIssue Tracking
- https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8hPatchVendor Advisory
FAQ
What is CVE-2024-27088?
CVE-2024-27088 is a vulnerability with a CVSS score of 0.0 (NONE). es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The ...
How severe is CVE-2024-27088?
CVE-2024-27088 has been rated NONE with a CVSS base score of 0.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-27088?
Check the references section above for vendor advisories and patch information. Affected products include: Medikoo Es5-Ext.