CVE-2024-9506

Oct. 16, 2024, 4:38 p.m.

3.7
Low

Description

Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.

Product(s) Impacted

Product Versions
Vue.js

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1333
Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

References

https://www.herodevs.com/vulnerability-directory/cve-2024-9506

Tags

CWE-1333
36c7be3b-2937-45df-85ea-ca7133ea542c
2024-10-15
CVE-2024-9506

CVSS Score

3.7 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: LOW

    • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

    View Vector String

Timeline

Published: Oct. 15, 2024, 4:15 p.m.
Last Modified: Oct. 16, 2024, 4:38 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

36c7be3b-2937-45df-85ea-ca7133ea542c

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.