CVE-2024-21524

CVSS V2 None CVSS V3 None
Description
All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure.
Overview
  • CVE ID
  • CVE-2024-21524
  • Assigner
  • snyk
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-07-10T05:00:05.257Z
  • Last Modified Date
  • 2024-07-10T05:00:05.257Z
History
Created Old Value New Value Data Type Notes
2024-07-10 13:48:39 Added to TrackCVE