CVE-2024-21524
CVSS V2 None
CVSS V3 None
Description
All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure.
Overview
- CVE ID
- CVE-2024-21524
- Assigner
- snyk
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-07-10T05:00:05.257Z
- Last Modified Date
- 2024-07-10T05:00:05.257Z
Weakness Enumerations
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-21524 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21524 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-07-10 13:48:39 | Added to TrackCVE |