Vulnerability Description
@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions were determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and often results in a guest trap causing services to return a 500. This bug has been fixed in version 3.16.0 of the `@fastly/js-compute` package.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861
- https://github.com/fastly/js-compute-runtime/security/advisories/GHSA-mp3g-vpm9-
- https://github.com/fastly/js-compute-runtime/commit/4e16641ef4e159c4a11b500ac861
- https://github.com/fastly/js-compute-runtime/security/advisories/GHSA-mp3g-vpm9-
FAQ
What is CVE-2024-38375?
CVE-2024-38375 is a vulnerability with a CVSS score of 5.3 (MEDIUM). @fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions were determined to include a use-after-free bug. This bug could all...
How severe is CVE-2024-38375?
CVE-2024-38375 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-38375?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.