Vulnerability-Lookup

CERTFR-2024-AVI-1015

Vulnerability from certfr_avis - Published: 2024-11-22 - Updated: 2024-11-22

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les vulnérabilités CVE-2024-47875 et CVE-2024-45801 n'ont pas de correctif pour Sterling Connect:Direct Web Services versions 6.1.x et 6.2.x

Impacted products

Vendor	Product	Description
IBM	QRadar	QRadar Pre-Validation App versions antérieures à 2.0.1
IBM	QRadar	QRadar Pulse App versions antérieures à 2.2.15
IBM	WebSphere	WebSphere Hybrid Edition sans le correctif APAR PH63533
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.25
IBM	AIX	AIX version 7.3 sans le correctif bind_fix27/73bind918.tar
IBM	VIOS	VIOS version 3.1 sans le correctif bind_fix27/72bind918.tar
IBM	WebSphere	WebSphere Application Server Liberty sans le correctif APAR PH63533
IBM	Cloud Pak System	Cloud Pak System versions antérieures à 2.3.5.0 pour Power avec le correctif PH60195/PH61002
IBM	AIX	AIX version 7.2 sans le correctif bind_fix27/72bind918.tar
IBM	VIOS	VIOS version 4.1 sans le correctif bind_fix27/73bind918.tar
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.26
IBM	Cloud Pak System	Cloud Pak System versions antérieures à 2.3.4.1 pour Intel avec le correctif PH60195/PH61002
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.11
IBM	QRadar	QRadar User Behavior Analytics versions antérieures à 4.1.17

References

Title

Publication Time

CVE-2024-39689 (GCVE-0-2024-39689)

Vulnerability from cvelistv5 – Published: 2024-07-05 18:39 – Updated: 2025-02-14 23:19

Title

Certifi removes GLOBALTRUST root certificate

Summary

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-345 - Insufficient Verification of Data Authenticity

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/certifi/python-certifi/securit…	x_refsource_CONFIRM
https://github.com/certifi/python-certifi/commit/…	x_refsource_MISC
https://groups.google.com/a/mozilla.org/g/dev-sec…	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2024120…

Impacted products

1 product

Vendor	Product	Version
certifi	python-certifi	Affected: >= 2021.5.30, < 2024.7.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39689",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-05T20:06:09.735041Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T20:06:22.343Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-06T13:09:31.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc"
          },
          {
            "name": "https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463"
          },
          {
            "name": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241206-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "python-certifi",
          "vendor": "certifi",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2021.5.30, \u003c 2024.7.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla\u0027s trust store. `GLOBALTRUST`\u0027s root certificates are being removed pursuant to an investigation which identified \"long-running and unresolved compliance issues.\""
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345: Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-14T23:19:13.111Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc"
        },
        {
          "name": "https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463"
        },
        {
          "name": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI"
        }
      ],
      "source": {
        "advisory": "GHSA-248v-346w-9cwc",
        "discovery": "UNKNOWN"
      },
      "title": "Certifi removes GLOBALTRUST root certificate"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-39689",
    "datePublished": "2024-07-05T18:39:33.202Z",
    "dateReserved": "2024-06-27T18:44:13.035Z",
    "dateUpdated": "2025-02-14T23:19:13.111Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4068 (GCVE-0-2024-4068)

Vulnerability from cvelistv5 – Published: 2024-05-13 10:06 – Updated: 2024-11-06 13:10

Title

Memory Exhaustion in braces

Summary

The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-1050 - Excessive Platform Resource Consumption within a Loop
CWE-400 - Uncontrolled Resource Consumption

Assigner

Checkmarx

References

5 references

URL	Tags
https://github.com/micromatch/braces/issues/35
https://devhub.checkmarx.com/cve-details/CVE-2024-4068/
https://github.com/micromatch/braces/pull/37
https://github.com/micromatch/braces/pull/40
https://github.com/micromatch/braces/commit/415d6…

Impacted products

2 products

Vendor	Product	Version
micromatch	braces	Affected: 0 , ≤ 3.0.2 (git)
micromatch	braces	Affected: 0 , < 3.0.3 (custom) cpe:2.3:a:micromatch:braces:3.0.3:::::::*

Date Public

2024-05-13 12:44

Credits

Mário Teixeira, Checkmarx Research Group

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:micromatch:braces:3.0.3:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "braces",
            "vendor": "micromatch",
            "versions": [
              {
                "lessThan": "3.0.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4068",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T11:10:08.649102Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-13T20:12:58.696Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:26:57.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/micromatch/braces/issues/35"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/micromatch/braces/pull/37"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/micromatch/braces/pull/40"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.npmjs.com/package/micromatch",
          "defaultStatus": "unknown",
          "packageName": "braces",
          "product": "braces",
          "programFiles": [
            "lib/parse.js"
          ],
          "repo": "https://github.com/micromatch/braces",
          "vendor": "micromatch",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.0.3",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.0.2",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "M\u00e1rio Teixeira, Checkmarx Research Group"
        }
      ],
      "datePublic": "2024-05-13T12:44:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cp\u003eThe NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.\u003c/p\u003e\u003c/div\u003e"
            }
          ],
          "value": "The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1050",
              "description": "CWE-1050: Excessive Platform Resource Consumption within a Loop",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-06T13:10:11.179Z",
        "orgId": "596c5446-0ce5-4ba2-aa66-48b3b757a647",
        "shortName": "Checkmarx"
      },
      "references": [
        {
          "url": "https://github.com/micromatch/braces/issues/35"
        },
        {
          "url": "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/"
        },
        {
          "url": "https://github.com/micromatch/braces/pull/37"
        },
        {
          "url": "https://github.com/micromatch/braces/pull/40"
        },
        {
          "url": "https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to version\u0026nbsp;3.0.3 to mitigate the issue."
            }
          ],
          "value": "Update to version\u00a03.0.3 to mitigate the issue."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Memory Exhaustion in braces",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "596c5446-0ce5-4ba2-aa66-48b3b757a647",
    "assignerShortName": "Checkmarx",
    "cveId": "CVE-2024-4068",
    "datePublished": "2024-05-13T10:06:38.152Z",
    "dateReserved": "2024-04-23T13:31:17.738Z",
    "dateUpdated": "2024-11-06T13:10:11.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4076 (GCVE-0-2024-4076)

Vulnerability from cvelistv5 – Published: 2024-07-23 14:40 – Updated: 2025-02-13 17:53

Title

Assertion failure when serving both stale cache data and authoritative zone content

Summary

Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-617 - Reachable Assertion

Assigner

isc

References

4 references

URL	Tags
https://kb.isc.org/docs/cve-2024-4076	vendor-advisory
http://www.openwall.com/lists/oss-security/2024/07/23/1
http://www.openwall.com/lists/oss-security/2024/07/31/2
https://security.netapp.com/advisory/ntap-2024073…

Impacted products

2 products

Vendor	Product	Version
ISC	BIND 9	Affected: 9.16.13 , ≤ 9.16.50 (custom) Affected: 9.18.0 , ≤ 9.18.27 (custom) Affected: 9.19.0 , ≤ 9.19.24 (custom) Affected: 9.11.33-S1 , ≤ 9.11.37-S1 (custom) Affected: 9.16.13-S1 , ≤ 9.16.50-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.27-S1 (custom)
isc	bind	Affected: 9.16.13 , ≤ 9.16.50 (custom) Affected: 9.18.0 , ≤ 9.18.27 (custom) Affected: 9.19.0 , ≤ 9.19.24 (custom) Affected: 9.11.33-s1 , ≤ 9.11.37-s1 (custom) Affected: 9.16.13-s1 , ≤ 9.16.50-s1 (custom) Affected: 9.18.11-s1 , ≤ 9.18.27-s1 (custom) cpe:2.3:a:isc:bind::::::::

Date Public

2024-07-23 00:00

Credits

ISC would like to thank Daniel Stränger for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bind",
            "vendor": "isc",
            "versions": [
              {
                "lessThanOrEqual": "9.16.50",
                "status": "affected",
                "version": "9.16.13",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "9.18.27",
                "status": "affected",
                "version": "9.18.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "9.19.24",
                "status": "affected",
                "version": "9.19.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "9.11.37-s1",
                "status": "affected",
                "version": "9.11.33-s1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "9.16.50-s1",
                "status": "affected",
                "version": "9.16.13-s1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "9.18.27-s1",
                "status": "affected",
                "version": "9.18.11-s1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4076",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T15:10:37.488270Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-617",
                "description": "CWE-617 Reachable Assertion",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T18:47:06.657Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:33:51.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20240731-0001/"
          },
          {
            "name": "CVE-2024-4076",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2024-4076"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/07/23/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.16.50",
              "status": "affected",
              "version": "9.16.13",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.27",
              "status": "affected",
              "version": "9.18.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.19.24",
              "status": "affected",
              "version": "9.19.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.11.37-S1",
              "status": "affected",
              "version": "9.11.33-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.16.50-S1",
              "status": "affected",
              "version": "9.16.13-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.27-S1",
              "status": "affected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Daniel Str\u00e4nger for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2024-07-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.\nThis issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "A `named` instance vulnerable to this logic error may terminate unexpectedly."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-31T11:05:58.936Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2024-4076",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2024-4076"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/07/23/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/07/31/2"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.28, 9.20.0, or 9.18.28-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Assertion failure when serving both stale cache data and authoritative zone content",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disabling serve-stale answers mitigates this issue."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2024-4076",
    "datePublished": "2024-07-23T14:40:57.256Z",
    "dateReserved": "2024-04-23T13:59:44.699Z",
    "dateUpdated": "2025-02-13T17:53:23.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43788 (GCVE-0-2024-43788)

Vulnerability from cvelistv5 – Published: 2024-08-27 17:07 – Updated: 2025-01-09 17:41

Title

DOM Clobbering Gadget found in Webpack's AutoPublicPathRuntimeModule that leads to Cross-site Scripting (XSS)

Summary

Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s `AutoPublicPathRuntimeModule`. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Real-world exploitation of this gadget has been observed in the Canvas LMS which allows a XSS attack to happen through a javascript code compiled by Webpack (the vulnerable part is from Webpack). DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or id attributes. This issue has been addressed in release version 5.94.0. All users are advised to upgrade. There are no known workarounds for this issue.

Severity

6.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

5 references

URL	Tags
https://github.com/webpack/webpack/security/advis…	x_refsource_CONFIRM
https://github.com/webpack/webpack/issues/18718#i…	x_refsource_MISC
https://github.com/webpack/webpack/commit/955e057…	x_refsource_MISC
https://research.securitum.com/xss-in-amp4email-d…	x_refsource_MISC
https://scnps.co/papers/sp23_domclob.pdf	x_refsource_MISC

Impacted products

2 products

Vendor	Product	Version
webpack	webpack	Affected: >= 5.0.0-alpha.0, < 5.94.0
webpack	webpack	Affected: 0 , < 5.94.0 (custom) cpe:2.3:a:webpack:webpack::::::::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:webpack:webpack:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "webpack",
            "vendor": "webpack",
            "versions": [
              {
                "lessThan": "5.94.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43788",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-27T18:09:32.950161Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-09T17:41:35.616Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "webpack",
          "vendor": "webpack",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 5.0.0-alpha.0, \u003c 5.94.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack\u2019s `AutoPublicPathRuntimeModule`. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Real-world exploitation of this gadget has been observed in the Canvas LMS which allows a XSS attack to happen through a javascript code compiled by Webpack (the vulnerable part is from Webpack). DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or id attributes. This issue has been addressed in release version 5.94.0. All users are advised to upgrade. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-03T14:51:39.140Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986"
        },
        {
          "name": "https://github.com/webpack/webpack/issues/18718#issuecomment-2326296270",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/webpack/webpack/issues/18718#issuecomment-2326296270"
        },
        {
          "name": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61"
        },
        {
          "name": "https://research.securitum.com/xss-in-amp4email-dom-clobbering",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering"
        },
        {
          "name": "https://scnps.co/papers/sp23_domclob.pdf",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://scnps.co/papers/sp23_domclob.pdf"
        }
      ],
      "source": {
        "advisory": "GHSA-4vvj-4cpr-p986",
        "discovery": "UNKNOWN"
      },
      "title": "DOM Clobbering Gadget found in Webpack\u0027s AutoPublicPathRuntimeModule that leads to Cross-site Scripting (XSS)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-43788",
    "datePublished": "2024-08-27T17:07:16.285Z",
    "dateReserved": "2024-08-16T14:20:37.323Z",
    "dateUpdated": "2025-01-09T17:41:35.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43796 (GCVE-0-2024-43796)

Vulnerability from cvelistv5 – Published: 2024-09-10 14:36 – Updated: 2024-09-10 15:58

Title

express vulnerable to XSS via response.redirect()

Summary

Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

Severity

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/expressjs/express/security/adv…	x_refsource_CONFIRM
https://github.com/expressjs/express/commit/54271…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
expressjs	express	Affected: < 4.20.0 Affected: >= 5.0.0-alpha.1, < 5.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43796",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:58:36.256748Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T15:58:45.956Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "express",
          "vendor": "expressjs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.20.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0-alpha.1, \u003c 5.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Express.js minimalist web framework for node. In express \u003c 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T14:36:27.380Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx"
        },
        {
          "name": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553"
        }
      ],
      "source": {
        "advisory": "GHSA-qw6h-vgh9-j6wx",
        "discovery": "UNKNOWN"
      },
      "title": "express vulnerable to XSS via response.redirect()"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-43796",
    "datePublished": "2024-09-10T14:36:27.380Z",
    "dateReserved": "2024-08-16T14:20:37.325Z",
    "dateUpdated": "2024-09-10T15:58:45.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43799 (GCVE-0-2024-43799)

Vulnerability from cvelistv5 – Published: 2024-09-10 14:45 – Updated: 2025-11-03 19:30

Title

send vulnerable to template injection that can lead to XSS

Summary

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.

Severity

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/pillarjs/send/security/advisor…	x_refsource_CONFIRM
https://github.com/pillarjs/send/commit/ae4f29894…	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

1 product

Vendor	Product	Version
pillarjs	send	Affected: < 0.19.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43799",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T19:34:08.487499Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T19:34:18.557Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:30:41.760Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "send",
          "vendor": "pillarjs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.19.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T14:45:06.761Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg"
        },
        {
          "name": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35"
        }
      ],
      "source": {
        "advisory": "GHSA-m6fv-jmcg-4jfg",
        "discovery": "UNKNOWN"
      },
      "title": "send vulnerable to template injection that can lead to XSS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-43799",
    "datePublished": "2024-09-10T14:45:06.761Z",
    "dateReserved": "2024-08-16T14:20:37.326Z",
    "dateUpdated": "2025-11-03T19:30:41.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43800 (GCVE-0-2024-43800)

Vulnerability from cvelistv5 – Published: 2024-09-10 14:50 – Updated: 2024-09-10 19:08

Title

serve-static affected by template injection that can lead to XSS

Summary

serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.

Severity

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/expressjs/serve-static/securit…	x_refsource_CONFIRM
https://github.com/expressjs/serve-static/commit/…	x_refsource_MISC
https://github.com/expressjs/serve-static/commit/…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
expressjs	serve-static	Affected: < 1.16.0 Affected: >= 2.0.0, < 2.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43800",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T19:07:51.583443Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T19:08:02.494Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "serve-static",
          "vendor": "expressjs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.16.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T14:50:06.043Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p"
        },
        {
          "name": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b"
        },
        {
          "name": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa"
        }
      ],
      "source": {
        "advisory": "GHSA-cm22-4g7w-348p",
        "discovery": "UNKNOWN"
      },
      "title": "serve-static affected by template injection that can lead to XSS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-43800",
    "datePublished": "2024-09-10T14:50:06.043Z",
    "dateReserved": "2024-08-16T14:20:37.326Z",
    "dateUpdated": "2024-09-10T19:08:02.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45296 (GCVE-0-2024-45296)

Vulnerability from cvelistv5 – Published: 2024-09-09 19:07 – Updated: 2025-01-24 20:03

Title

path-to-regexp outputs backtracking regular expressions

Summary

path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-1333 - Inefficient Regular Expression Complexity

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/pillarjs/path-to-regexp/securi…	x_refsource_CONFIRM
https://github.com/pillarjs/path-to-regexp/commit…	x_refsource_MISC
https://github.com/pillarjs/path-to-regexp/commit…	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2025012…

Impacted products

2 products

Vendor	Product	Version
pillarjs	path-to-regexp	Affected: < 0.1.10 Affected: >= 0.2.0, < 8.0.0
pillarjs	path-to-regexp	Affected: 0 , < 0.1.0 (custom) Affected: 0.2.0 , < 8.0.0 (custom) cpe:2.3:a:pillarjs:path-to-regexp::::::::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "path-to-regexp",
            "vendor": "pillarjs",
            "versions": [
              {
                "lessThan": "0.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.0.0",
                "status": "affected",
                "version": "0.2.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45296",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T19:32:57.513942Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T19:38:12.783Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-24T20:03:07.723Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250124-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "path-to-regexp",
          "vendor": "pillarjs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.1.10"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.2.0, \u003c 8.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333: Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-09T19:07:40.313Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
        },
        {
          "name": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
        },
        {
          "name": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
        }
      ],
      "source": {
        "advisory": "GHSA-9wv6-86v2-598j",
        "discovery": "UNKNOWN"
      },
      "title": "path-to-regexp outputs backtracking regular expressions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-45296",
    "datePublished": "2024-09-09T19:07:40.313Z",
    "dateReserved": "2024-08-26T18:25:35.442Z",
    "dateUpdated": "2025-01-24T20:03:07.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45590 (GCVE-0-2024-45590)

Vulnerability from cvelistv5 – Published: 2024-09-10 15:54 – Updated: 2024-09-10 18:47

Title

body-parser vulnerable to denial of service when url encoding is enabled

Summary

body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-405 - Asymmetric Resource Consumption (Amplification)

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/expressjs/body-parser/security…	x_refsource_CONFIRM
https://github.com/expressjs/body-parser/commit/b…	x_refsource_MISC

Impacted products

2 products

Vendor	Product	Version
expressjs	body-parser	Affected: < 1.20.3
expressjs	body-parser	Affected: 0 , < 1.20.3 (custom) cpe:2.3:a:expressjs:body-parser::::::::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:expressjs:body-parser:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "body-parser",
            "vendor": "expressjs",
            "versions": [
              {
                "lessThan": "1.20.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45590",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T18:42:41.773305Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T18:47:22.965Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "body-parser",
          "vendor": "expressjs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.20.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "body-parser is Node.js body parsing middleware. body-parser \u003c1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-405",
              "description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T15:54:02.330Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
        },
        {
          "name": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
        }
      ],
      "source": {
        "advisory": "GHSA-qwcr-r2fm-qrc7",
        "discovery": "UNKNOWN"
      },
      "title": "body-parser vulnerable to denial of service when url encoding is enabled"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-45590",
    "datePublished": "2024-09-10T15:54:02.330Z",
    "dateReserved": "2024-09-02T16:00:02.422Z",
    "dateUpdated": "2024-09-10T18:47:22.965Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45801 (GCVE-0-2024-45801)

Vulnerability from cvelistv5 – Published: 2024-09-16 18:25 – Updated: 2024-09-16 20:04

Title

Tampering by prototype polution in DOMPurify

Summary

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-1333 - Inefficient Regular Expression Complexity

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/cure53/DOMPurify/security/advi…	x_refsource_CONFIRM
https://github.com/cure53/DOMPurify/commit/1e5202…	x_refsource_MISC
https://github.com/cure53/DOMPurify/commit/26e1d6…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
cure53	DOMPurify	Affected: < 2.5.4 Affected: >=3.0.0, < 3.1.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45801",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-16T20:04:30.471934Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-16T20:04:47.181Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DOMPurify",
          "vendor": "cure53",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.5.4"
            },
            {
              "status": "affected",
              "version": "\u003e=3.0.0, \u003c 3.1.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333: Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-16T18:25:28.065Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674"
        },
        {
          "name": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21"
        },
        {
          "name": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc"
        }
      ],
      "source": {
        "advisory": "GHSA-mmhx-hmjr-r674",
        "discovery": "UNKNOWN"
      },
      "title": "Tampering by prototype polution in DOMPurify"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-45801",
    "datePublished": "2024-09-16T18:25:28.065Z",
    "dateReserved": "2024-09-09T14:23:07.503Z",
    "dateUpdated": "2024-09-16T20:04:47.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2024-AVI-1015

Solutions

CVE-2024-39689 (GCVE-0-2024-39689)

CVE-2024-4068 (GCVE-0-2024-4068)

CVE-2024-4076 (GCVE-0-2024-4076)

CVE-2024-43788 (GCVE-0-2024-43788)

CVE-2024-43796 (GCVE-0-2024-43796)

CVE-2024-43799 (GCVE-0-2024-43799)

CVE-2024-43800 (GCVE-0-2024-43800)

CVE-2024-45296 (GCVE-0-2024-45296)

CVE-2024-45590 (GCVE-0-2024-45590)

CVE-2024-45801 (GCVE-0-2024-45801)

Tags

Sightings

Nomenclature