Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-38375

June 26, 2024, 7:15 p.m.

CVSS Score

5.3 / 10

Product(s) Impacted

@fastly/js-compute

  • 3.16.0

Description

@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions were determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and often results in a guest trap causing services to return a 500. This bug has been fixed in version 3.16.0 of the `@fastly/js-compute` package.

Weaknesses

CWE-416
Use After Free

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CWE ID: 416

Date

Published: June 26, 2024, 7:15 p.m.

Last Modified: June 26, 2024, 7:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

CVSS Data

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

Base Score
5.3
Exploitability Score
0.5
Impact Score
4.7
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H

References

https://github.com/ security-advisories@github.com

https://github.com/ security-advisories@github.com